Maryland Federal Grandy Jury Indicts Amin Timovich Stigal
By Kaila Hall
On June 25, 2024, a Maryland Federal Grand Jury charged1 Russian national Amin Timovich Stigal with conspiracy to hack into and destroy the Ukrainian Government’s computer systems and data ahead of Russia’s invasion in February 2022. Stigal allegedly attacked computer systems in countries that supported Ukraine, including the United States. Stigal currently remains at large. The U.S. District Court in Maryland issued a warrant for Stigal’s arrest. The Department of State is offering a reward2 of up to $10 million for information on Stigal’s location or his malicious cyber activity.
Stigal has been linked to several Russian cyberattacks against Ukraine and NATO-allied nations in recent years. From August 5, 2021, through February 3, 2022, Stigal and the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU) used the data-wiping malware WhisperGate to examine U.S. Federal Government computers in Maryland. The WhisperGate malware initially wipes all computer files, then proceeds to imitate ransomware by displaying a ransom note demanding $10,000 in Bitcoin. In the event that the ransom was paid, the computer data would be irretrievable, nonetheless. Per court documents from the U.S. District Court in Maryland, Stigal and GRU probed U.S. government websites and computers 63 times. The District Court did not disclose whether the probing of U.S. systems in Maryland was successful. The indictment stated that Stigal and the Russian military officers used fake identities, a global network of computers, and cryptocurrency to conceal their connection to the Russian government.
The U.S. District Court in Maryland’s indictment also pointed to an incident Stigal was involved in on January 13, 2022, in which he allegedly conspired with the GRU to use “WhisperGate” to launch cyber-attacks against the Ukrainian Government. Leading up to the invasion of Ukraine, the Russian military urged Stigal to hack into Ukrainian government computers that deal with matters of critical infrastructure,3 agriculture, education, science, and emergency services. Stigal and the GRU targeted multiple Ukrainian government entities,4 including the Ukrainian Ministry of International Affairs, the State Treasury, the Judiciary Administration, the State Portal for Digital Services, the Ministry of Education and Science, the Ministry of Agriculture, the State Service for Food Safety and Consumer Protection, the Ministry of Energy, the Accounting Chamber for Ukraine, the State Emergency Service, the State Forestry Agency, and the Motor Insurance Bureau.
Federal prosecutors5 alleged that the Ukrainian State Portal for Digital Services website was hacked and displayed a message saying, “Ukrainians! All information about you has become public, be afraid and expect the worst. This is for your past, present and future.”
Per U.S. Sentencing Guidelines, Stigal faces a maximum penalty of five years in prison if convicted. A federal district court judge will review such guidelines and determine the sentence if applicable.
In response to the January 2022 WhisperGate incident, NATO Secretary General Jens Stoltenberg criticized the attacks, stating “NATO has worked closely with Ukraine for years to help boost its cyber defences. NATO cyber experts in Brussels have been exchanging information with their Ukrainian counterparts on the current malicious cyber activities. Allied experts in country are also supporting the Ukrainian authorities on the ground. In the coming days, NATO and Ukraine will sign an agreement on enhanced cyber cooperation, including Ukrainian access to NATO’s malware information sharing platform. NATO’s strong political and practical support for Ukraine will continue.”6
Following Stigal’s indictment, Attorney General Merrick Garland confirmed, “The Justice Department will continue to stand with Ukraine on every front in its fight against Russia’s war of aggression, including by holding accountable those who support Russia’s malicious cyber activity.” Assistant Attorney General Matthew Olsen also indicated that “the Department will do its part to prevent and disrupt such malicious behavior that relies upon online services or infrastructure in the U.S., or that targets U.S. victims.” Assistant Attorney General also noted the Justice Department would “also identify, pursue, and eventually hold to account those responsible for Russia’s malicious actions, including the cybercriminals that the Russian government cultivates in furtherance of its malign agenda.”
The Russian Embassy in Washington D.C. has not released a statement regarding the indictment. The indictment was announced amid a series of diplomatic talks between the United States and Russia on cyber-attacks.
On January 14, 2022, at the request of the United States, Russia’s Federal Security Service (FSB) conducted7 raids and arrested fourteen alleged members of REvil, a Russian-based ransomware crime group. The FSB announced it had also seized 426 million rubles or $600,000 of computer equipment. In June 2021, U.S. President Joseph Biden met with Russian President Vladimir Putin in Geneva and demanded Putin’s cooperation in combating cyber-attacks and ransomware. A month later, Biden warned Putin that Russia would face severe consequences if it did not act promptly to neutralize ransomware actors and threats. In the months since Biden’s initial meeting with Putin, American officials have reiterated their requests for anti-cybercrime cooperation. The U.S. and Russia have established an “expert group” to address cyber-attacks. In February 2023, another cyber-attack attributed to TA471 (UAC-0056), a Russian-allied cyber threat actor, also used WhisperGate to target and destroy Ukranian government entities’ computer systems. TA471 has also attacked multiple NATO member states that support Ukraine.
Kaila Hall is an intern at IELR. She is a rising senior at Cornell University.
[1] “Office of Public Affairs | Russian National Charged for Conspiring with Russian Military Intelligence to Destroy Ukrainian Government Computer Systems and Data | United States Department of Justice.” justice.gov, 26 June 2024,
[2] Amin Stigal – Rewards for Justice. net/rewards/amin-stigal/.
[3] Mettler, “$10M Offered for Russian Accused in “WhisperGate” Malware Attack on Ukraine.” Washington Post, 26 June 2024,
[4] “Office of Public Affairs | Russian National Charged for Conspiring with Russian Military Intelligence to Destroy Ukrainian Government Computer Systems and Data | United States Department of Justice.” justice.gov, 26 June 2024,
[5] Mettler, “$10M Offered for Russian Accused in “WhisperGate” Malware Attack on Ukraine.” Washington Post, 26 June 2024,
[6] “Statement by the NATO Secretary General on Cyber Attacks against Ukraine.” NATO, www.google.com/url?q=www.nato.int/cps/en/natohq/news_190850.htm&sa=D&source=docs&ust=1719606038338 933&usg=AOvVaw32hkQxjdX24iSgGfq1Du45
[7] Zagaris, “RUSSIA ARRESTS 14 ALLEGED MEMBERS of the REVIL RANSOMWARE GANG as UKRAINE EXPERIENCES HACKS and MALWARE.” IELR , 18 Jan. 2022,
ielr.com/content/russia-arrests-14-alleged-members-revil-ransomware-gang-ukraine-experiences-hacks-and