Russian ‘WhisperGate’ Hacks: 5 More Indicted
2024-9-7 00:58:2 Author: securityboulevard.com

Fake ransomware created by Russian GRU Unit 29155 attacked Ukraine and NATO—a month before the full-scale invasion.

A federal grand jury has indicted five more alleged members of the WhisperGate conspiracy. The same Russian gang continues its cyberwarfare to this day, we’re told.

The U.S. Department of State is offering $10 million for leads on the perps. In today’s SB Blogwatch, we curate you.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Should I stay or should I go Houdini?

Eaten by a GRU

What’s the craic? Brian Witte reports: US widens indictment of Russians in ‘WhisperGate’ conspiracy

Misdeeds in the dark
A superseding indictment … names five Russian military intelligence officers … in the so-called WhisperGate malware attacks aimed at destroying computer systems in Ukraine and 26 NATO allies including the United States. [It] could be considered Russia’s first shot in the war, said William DelBagno, special agent in charge of the FBI’s Baltimore field office.

A federal grand jury in Baltimore indicted … Vladislav Borovkov, Denis Denisenko, Yury Denisov, Dmitry Goloshubov and Nikolai Korchagin—along with Amin Timovich Stigal, … indicted in June. It accuses them of conspiring to gain unauthorized access to computers associated with the governments of Ukraine and its allies.

DelBagno said the indictments are the result of years of collaboration with partners and law enforcement in Europe: “To the Russian criminals, the world is watching. … You do not carry out misdeeds in the dark.”

What do these five new alleged perps have in common? Joe Warminsky picks up the story: Russia’s WhisperGate hacks against Ukraine

Espionage, sabotage
Federal agencies continued to confront Russian cyber-operations, … unsealing an indictment against members of a Russian military intelligence unit involved with the destructive WhisperGate malware and other hacking campaigns. … Five members of Unit 29155 of the Russian General Staff Main Intelligence Directorate — the GRU — and an affiliated civilian “[conspired] to hack into, exfiltrate data from, leak information obtained from and destroy computer systems associated with the Ukrainian Government in advance of the Russian invasion of Ukraine,” the DOJ said.

The FBI, CISA, … NSA [and] the UK’s National Cyber Security Centre [said] Ukraine remains a top target, … but Unit 29155 hackers “have conducted computer network operations against numerous members of the North Atlantic Treaty Organization (NATO) in Europe and North America, as well as countries in Europe, Latin America, and Central Asia.” … Unit 29155 continues to undertake “computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm.”

But what did they do? Lucian Constantin minces no words: US charges 5 Russian spies

Reward of up to $10 million
According to the indictment, the attacks against Ukraine started about one month before Russia’s invasion and involved data-wiping malware called WhisperGate, as well as data theft and subsequent leaking of personal information with the purpose of causing Ukrainian citizens to question the safety of their government’s systems. The attacks targeted critical infrastructure systems, but also government agencies that had no military role.

WhisperGate is a two-stage ransomware-like malware program that corrupts files and deletes a computer’s master boot record, replacing it with a ransom note, [leaving] the system unable to boot back into the operating system. … Using ransomware as a false flag to hide the real source and purpose of an operation is not a new tactic. In fact, it’s hard not to see the similarities [with] NotPetya, another faux-ransomware attack launched in 2017 by GRU Unit 74455 (Sandworm).

In addition to the charges, the US State Department is offering a reward of up to $10 million for any information about the location of the five defendants or about their cyber activities. … Unit 29155 activities have been tracked in the security industry as Cadet Blizzard, Ember Bear, Frozenvista, UNC2589, and UAC-0056.

How bad was it? nvemb3r gives everyone a clear picture:

Just to give everyone a clear picture of how bad this is, this wiper malware has had a kinetic effect since the war in Ukraine broke out. Once systems at their border agency got infected, the authorities in Ukraine have had to do their customs and immigration tasks using paper.

[It] has stalled evacuations out of the country, and has only enabled more civilian deaths. The perpetrators of these attacks ought to be treated as war criminals.

Of course, it can be tricky to extradite Russians from Russia. Bendacious ponders possible Russian repercussion: [You’re fired—Ed.]

If the feds manage to get their hands on any of these people they’d better hope there are no US citizens in Russia. Otherwise there will be more fake espionage charges and then a prisoner swap. Putin loves a photo opportunity with the total scumbags he’s ‘rescued’ from US jails.

Will a $10 million bounty help? Nilt knows:

The rewards offered are also quite useful because plenty of folks around the world keep an eye out for exactly that sort of thing. Even if they end up in a country without an extradition treaty, nearly all such nations are perfectly happy to extradite them anyway. … Despite what Hollywood likes to imply, criminals generally aren’t welcome in a new country. They tend to keep criming and very few nations wish to deal with that bull**** if they don’t have to.

Read up on INTERPOL Red Notices.

Should we be surprised? XXongo has a question for you:

I have a question for you: What kind of idiot thinks that the Russians aren’t trying to hack into our systems with every tool that they can come up with?

What else could be done? Elastoer offers a harsher solution:

It’s too bad that President Ford’s executive order prevents political assassination attempts.

Meanwhile, handyrandyrc has the tl;dr:

Orcs gonna orc.

And Finally:

Lipa vs. Strummer, Simonon, Jones, Headon

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: Office of the President of Ukraine

Article source: https://securityboulevard.com/2024/09/whispergate-cadetblizzard-emberbear-richixbw/