Office of Public Affairs Five Russian GRU Officers and One Civilian Charged for Conspiring to Hack Ukrainian Government United States Department of Justice
pAn official website of the United States governmentppHeres how you knowpp
Official websites use gov
A gov website belongs to an official government organization in the United States
pp
Secure gov websites use HTTPS
A lock
Lock
Locked padlock
or https means youve safely connected to the gov website Share sensitive information only on official secure websites
ppArchived NewsppPara Notícias en EspañolppNote View the indictment here ppIn an indictment unsealed today a grand jury in Maryland charged six computer hackers all of whom were residents and nationals of the Russian Federation Russia with conspiracy to commit computer intrusion and wire fraud conspiracy Five of the defendants were officers in Unit 29155 of the Russian Main Intelligence Directorate GRU a military intelligence agency of the General Staff of the Armed Forces The sixth individual was a civilian already under indictment for conspiracy to commit computer intrusion and is now also charged with wire fraud conspiracyppNote Concurrent with the return of the indictment the US Department of States Rewards for Justice program is offering a reward of up to 10 million for information on any of the defendants locations or their malicious cyberactivity Anyone possessing such information should contact Rewards for Justice here ppThe indictment alleges that these GRU hackers and their coconspirator engaged in a conspiracy to hack into exfiltrate data from leak information obtained from and destroy computer systems associated with the Ukrainian Government in advance of the Russian invasion of Ukraine The defendants did so in order to sow concern among Ukrainian citizens regarding the safety of their government systems and personal data The defendants targets included Ukrainian Government systems and data with no military or defenserelated roles Later targets included computer systems in countries around the world that were providing support to Ukraine including the United States and 25 other North Atlantic Treaty Organization NATO countriesppThe GRUs WhisperGate campaign including targeting Ukrainian critical infrastructure and government systems of no military value is emblematic of Russias abhorrent disregard for innocent civilians as it wages its unjust invasion said Assistant Attorney General Matthew G Olsen of the National Security Division Todays indictment underscores that the Justice Department will use every available tool to disrupt this kind of malicious cyber activity and hold perpetrators accountable for indiscriminate and destructive targeting of the United States and our alliesppThe FBI and its international partners are relentless in our commitment to thwarting GRU attacks across the globe and bringing to justice those responsible for these criminal acts said FBI Deputy Director Paul Abbate Our work protecting against cyber threats in a rapidly evolving landscape continues including deployment of all tools in our arsenal to defend our infrastructure and impose costs on those who target itppSince July 2021 the US Department of States Rewards for Justice RFJ program administered by the Diplomatic Security Service DSS has offered a reward of up to 10 million for information leading to the identification or location of any person who while acting at the direction or under the control of a foreign government participates in certain malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act said DSS Deputy Assistant Secretary for Threat Investigations and Analysis Paul Houston Under this reward offer the RFJ program is seeking information leading to the location of these individuals GRUs malicious cyber activity or associated individuals and entitiesppTodays superseding indictment underscores our commitment to using all the tools at our disposal to pursue those who would do us and our allies around the world harm said US Attorney Erek L Barron for the District of Maryland Cyber intrusion schemes such as the one alleged threaten our national security and we will use all the technologies and investigative measures at our disposal to disrupt and track down these cybercriminalsppThrough strokes on a keyboard the accused criminals used computers to cross into countries hunting for weaknesses and seeking to harm The FBI and our law enforcement partners both national and international will collectively defend against Russias aggressive and illegal actions said Special Agent in Charge William J DelBagno of the FBI Baltimore Field Office We are united in identifying prosecuting and protecting against future crimes and vow to relentlessly hunt down and counter these threatsppThe defendants charged in the indictment are Yuriy Denisov Юрий Денисов a colonel in the Russian military and a commanding officer of Cyber Operations for Unit 29155 four lieutenants in the Russian military assigned to Unit 29155 who worked on cyber operations Vladislav Borovkov Владислав Боровков Denis Denisenko Денис Денисенко Dmitriy Goloshubov Дима Голошубов and Nikolay Korchagin Николай Корчагин and a civilian coconspirator Amin Sitgal Амин СтигалppAccording to court documents on Jan 13 2022 the defendants conspired to use a USbased companys services to distribute malware known in the cybersecurity community as WhisperGate which was designed to look like ransomware to dozens of Ukrainian government entities computer systems However as the indictment alleges WhisperGate was actually a cyberweapon designed to completely destroy the target computer and related data in advance of the Russian invasion of Ukraine Ukrainian government networks subjected to this attack included the Ukrainian Ministry of Internal Affairs State Treasury Judiciary Administration State Portal for Digital Services Ministry of Education and Science Ministry of Agriculture State Service for Food Safety and Consumer Protection Ministry of Energy Accounting Chamber for Ukraine State Emergency Service State Forestry Agency and Motor Insurance BureauppIn conjunction with these attacks the defendants compromised several of the targeted Ukrainian computer systems exfiltrated sensitive data including patient health records and defaced the websites to read Ukrainians All information about you has become public be afraid and expect the worst This is for your past present and future That same day the defendants offered the hacked data for sale on the internetppThe US government previously joined with allies and partners in May 2022 to attribute this cyberattack to the Russian military and to condemn the attack and similar destructive cyber activities against UkraineppIn October 2022 the defendants also hacked the transportation infrastructure of a Central European country that was supporting Ukraine Beginning in August 2021 the defendants also probed a variety of protected computer systems including those associated with 26 NATO member countries searching for potential vulnerabilities The indictment further alleges that from Aug 5 2021 to Feb 3 2022 the defendants leveraged the same computer infrastructure they used in the Ukrainerelated attacks to probe computers belonging to a federal government agency in Maryland in the same manner as they had initially probed the Ukrainian Government networksppThis indictment is part of an international effort Operation Toy Soldier to combat the malicious cyber activity by Unit 29155 of the GRU Accompanying todays announcement the FBI and 12 other partners representing governments of nine countries released a Joint Cybersecurity Advisory to enhance network defense efforts against Unit 29155s malicious cyber activitiesppThe FBI Baltimore Field Office is investigating the case with assistance from FBI Milwaukee and Boston Field OfficesppAssistant US Attorneys Aaron SJ Zelinsky and Robert I Goldaris for the District of Maryland are prosecuting the case with valuable assistance from the National Security Divisions National Security Cyber Section ppCole Bridges also known as Cole Gonzales 24 of Stow Ohio was sentenced to 168 months in prison followed by 10 years of supervised release for attempting to provide materialppThe Justice Department today announced a courtauthorized law enforcement operation that disrupted a botnet consisting of more than 200000 consumer devices in the United States and worldwide As described inppRyan Wesley Routh 58 of Hawaii has been charged by a criminal complaint in the Southern District of Florida with firearms charges related to an incident at Trump International GolfppOffice of Public Affairs
US Department of Justice
950 Pennsylvania Avenue NW
Washington DC 20530ppOffice of Public Affairs Direct Line
2025142007ppDepartment of Justice Main Switchboard
2025142000ppSignup for Email Updates
Social MediappppHave a question about Government Servicesp
Official websites use gov
A gov website belongs to an official government organization in the United States
pp
Secure gov websites use HTTPS
A lock
Lock
Locked padlock
or https means youve safely connected to the gov website Share sensitive information only on official secure websites
ppArchived NewsppPara Notícias en EspañolppNote View the indictment here ppIn an indictment unsealed today a grand jury in Maryland charged six computer hackers all of whom were residents and nationals of the Russian Federation Russia with conspiracy to commit computer intrusion and wire fraud conspiracy Five of the defendants were officers in Unit 29155 of the Russian Main Intelligence Directorate GRU a military intelligence agency of the General Staff of the Armed Forces The sixth individual was a civilian already under indictment for conspiracy to commit computer intrusion and is now also charged with wire fraud conspiracyppNote Concurrent with the return of the indictment the US Department of States Rewards for Justice program is offering a reward of up to 10 million for information on any of the defendants locations or their malicious cyberactivity Anyone possessing such information should contact Rewards for Justice here ppThe indictment alleges that these GRU hackers and their coconspirator engaged in a conspiracy to hack into exfiltrate data from leak information obtained from and destroy computer systems associated with the Ukrainian Government in advance of the Russian invasion of Ukraine The defendants did so in order to sow concern among Ukrainian citizens regarding the safety of their government systems and personal data The defendants targets included Ukrainian Government systems and data with no military or defenserelated roles Later targets included computer systems in countries around the world that were providing support to Ukraine including the United States and 25 other North Atlantic Treaty Organization NATO countriesppThe GRUs WhisperGate campaign including targeting Ukrainian critical infrastructure and government systems of no military value is emblematic of Russias abhorrent disregard for innocent civilians as it wages its unjust invasion said Assistant Attorney General Matthew G Olsen of the National Security Division Todays indictment underscores that the Justice Department will use every available tool to disrupt this kind of malicious cyber activity and hold perpetrators accountable for indiscriminate and destructive targeting of the United States and our alliesppThe FBI and its international partners are relentless in our commitment to thwarting GRU attacks across the globe and bringing to justice those responsible for these criminal acts said FBI Deputy Director Paul Abbate Our work protecting against cyber threats in a rapidly evolving landscape continues including deployment of all tools in our arsenal to defend our infrastructure and impose costs on those who target itppSince July 2021 the US Department of States Rewards for Justice RFJ program administered by the Diplomatic Security Service DSS has offered a reward of up to 10 million for information leading to the identification or location of any person who while acting at the direction or under the control of a foreign government participates in certain malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act said DSS Deputy Assistant Secretary for Threat Investigations and Analysis Paul Houston Under this reward offer the RFJ program is seeking information leading to the location of these individuals GRUs malicious cyber activity or associated individuals and entitiesppTodays superseding indictment underscores our commitment to using all the tools at our disposal to pursue those who would do us and our allies around the world harm said US Attorney Erek L Barron for the District of Maryland Cyber intrusion schemes such as the one alleged threaten our national security and we will use all the technologies and investigative measures at our disposal to disrupt and track down these cybercriminalsppThrough strokes on a keyboard the accused criminals used computers to cross into countries hunting for weaknesses and seeking to harm The FBI and our law enforcement partners both national and international will collectively defend against Russias aggressive and illegal actions said Special Agent in Charge William J DelBagno of the FBI Baltimore Field Office We are united in identifying prosecuting and protecting against future crimes and vow to relentlessly hunt down and counter these threatsppThe defendants charged in the indictment are Yuriy Denisov Юрий Денисов a colonel in the Russian military and a commanding officer of Cyber Operations for Unit 29155 four lieutenants in the Russian military assigned to Unit 29155 who worked on cyber operations Vladislav Borovkov Владислав Боровков Denis Denisenko Денис Денисенко Dmitriy Goloshubov Дима Голошубов and Nikolay Korchagin Николай Корчагин and a civilian coconspirator Amin Sitgal Амин СтигалppAccording to court documents on Jan 13 2022 the defendants conspired to use a USbased companys services to distribute malware known in the cybersecurity community as WhisperGate which was designed to look like ransomware to dozens of Ukrainian government entities computer systems However as the indictment alleges WhisperGate was actually a cyberweapon designed to completely destroy the target computer and related data in advance of the Russian invasion of Ukraine Ukrainian government networks subjected to this attack included the Ukrainian Ministry of Internal Affairs State Treasury Judiciary Administration State Portal for Digital Services Ministry of Education and Science Ministry of Agriculture State Service for Food Safety and Consumer Protection Ministry of Energy Accounting Chamber for Ukraine State Emergency Service State Forestry Agency and Motor Insurance BureauppIn conjunction with these attacks the defendants compromised several of the targeted Ukrainian computer systems exfiltrated sensitive data including patient health records and defaced the websites to read Ukrainians All information about you has become public be afraid and expect the worst This is for your past present and future That same day the defendants offered the hacked data for sale on the internetppThe US government previously joined with allies and partners in May 2022 to attribute this cyberattack to the Russian military and to condemn the attack and similar destructive cyber activities against UkraineppIn October 2022 the defendants also hacked the transportation infrastructure of a Central European country that was supporting Ukraine Beginning in August 2021 the defendants also probed a variety of protected computer systems including those associated with 26 NATO member countries searching for potential vulnerabilities The indictment further alleges that from Aug 5 2021 to Feb 3 2022 the defendants leveraged the same computer infrastructure they used in the Ukrainerelated attacks to probe computers belonging to a federal government agency in Maryland in the same manner as they had initially probed the Ukrainian Government networksppThis indictment is part of an international effort Operation Toy Soldier to combat the malicious cyber activity by Unit 29155 of the GRU Accompanying todays announcement the FBI and 12 other partners representing governments of nine countries released a Joint Cybersecurity Advisory to enhance network defense efforts against Unit 29155s malicious cyber activitiesppThe FBI Baltimore Field Office is investigating the case with assistance from FBI Milwaukee and Boston Field OfficesppAssistant US Attorneys Aaron SJ Zelinsky and Robert I Goldaris for the District of Maryland are prosecuting the case with valuable assistance from the National Security Divisions National Security Cyber Section ppCole Bridges also known as Cole Gonzales 24 of Stow Ohio was sentenced to 168 months in prison followed by 10 years of supervised release for attempting to provide materialppThe Justice Department today announced a courtauthorized law enforcement operation that disrupted a botnet consisting of more than 200000 consumer devices in the United States and worldwide As described inppRyan Wesley Routh 58 of Hawaii has been charged by a criminal complaint in the Southern District of Florida with firearms charges related to an incident at Trump International GolfppOffice of Public Affairs
US Department of Justice
950 Pennsylvania Avenue NW
Washington DC 20530ppOffice of Public Affairs Direct Line
2025142007ppDepartment of Justice Main Switchboard
2025142000ppSignup for Email Updates
Social MediappppHave a question about Government Servicesp
