Hacker Amin Stigal Wanted For Russian GRU Malware Operations
Rewards for Justice posts $10M bounty for information or location for Stigal
Welcome to the latest issue of The Breach Report, a cybersecurity newsletter from the creators of the Cybersecurity Careers Blog. Be sure to subscribe via email or RSS.
Rewards for Justice is offering up to $10 million for information or the location of Amin Stigal. Stigal is linked to the Russian GRU for WhisperGate malware operations. (source: Rewards for Justice)
$10 Million Reward for Information on GRU Hacker Amin Stigal Targeting US Critical Infrastructure
Rewards for Justice is offering a $10 million reward for information leading to the location of Amin Timovich Stigal (Амин Тимович Стигал), a hacker linked to Russian Military Intelligence (also known as GRU) and its WhisperGate malware operations. Stigal, 22 years old, is a Russian citizen and is still at large.
Stigal was indicted last week by a federal judge of the Department of Justice in Maryland on charges of conspiracy to hack into and destroy computer systems and data. In advance of the full-scale Russian invasion of Ukraine in February 2022, targets included Ukrainian Government systems and data with no military or defense-related roles.
Later targets included computer systems in countries that were providing support to Ukraine, including NATO members and the United States. The indictment alleges that Stigal and members of the GRU conspired to use a U.S.-based company's services to distribute WhisperGate malware to dozens of Ukrainian government entities, aiming to destroy their computer systems and data.
How WhisperGate malware renders targets unrecoverable
WhisperGate malware infected its targets while posing as ransomware. In reality it deleted the data, rendering the systems useless.
These attacks using the WhisperGate malware also defaced websites, leaked stolen data, and rendered compromised systems unrecoverable.
According to Mandiant, in recent years, the use of "fake" ransomware to carry out destructive attacks has been a recurring tactic, technique, and procedure (TTP) for Russian threat groups.
Mandiant associates WhisperGate's attacks closely with threat actor group UNC2589. UNC2589 was active as early as 2020, supporting Russian government goals.
Targeting U.S. Critical Infrastructure
Stigal and the GRU are known to have targeted critical infrastructure in the U.S., particularly in the energy, government, and aerospace sectors. They have scanned for vulnerabilities, mapped networks, and identified potential website weaknesses.
Report Information to Rewards for Justice
If you have information on Amin Stigal, the GRU's malicious cyber activity, or associated individuals and entities, contact Rewards for Justice via their Tor-based tips-reporting channel address:
he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required)
More information is available on the Rewards for Justice site.
Latest Cybersecurity News
What we’re reading across the wire about the latest cybersecurity hacks, breaches, industry news, and more.
New from our favorite blogs and journalists:
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion (Mandiant)
Fiverr Freelancers Offer to Dox Anyone With Powerful U.S. Data Tool (404 Media)
eBay Removes Listing for StingRay Cellphone Spying Tech (404 Media)
AI trains on kids’ photos even when parents use strict privacy settings (Ars Technica)
“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux (Ars Technica)
Mac users served info-stealer malware through Google ads (Ars Technica)
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk (Ars Technica)
New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data (The Hacker News)
Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware (The Hacker News)
Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights (The Hacker News)
Google to Block Entrust Certificates in Chrome Starting November 2024 (The Hacker News)
Today’s Cyber Wall of Shame
Amin Stigal, ladies and gentlemen:
A Federal Bureau of Investigation Most Wanted alert for Amin Timovich Stigal, the Russian GRU-linked hacker. (source: FBI)
Until next time…
Rob Waters
Founder
The Breach Report + Cybersecurity Careers Blog