Ukraine sentences two hackers from Russia-linked Armageddon group

Two hackers affiliated with the Russian federal security service (FSB) have been sentenced in absentia to 15 years in prison in Ukraine for carrying out cyberattacks against state institutions, according to a government statement on Tuesday.

The pair is reportedly connected to a hacking group tracked as Armageddon, which is considered “the most engaged” state-sponsored threat actor in the country, according to previous research.

Armageddon, also known as Gamaredon, has been active since at least 2013 and likely operates from the Russian-occupied Crimean Peninsula. The group is believed to act on orders from Russia’s FSB.

In its statement, Ukraine’s security service (SBU) didn’t identify the sentenced individuals by name but stated that they were former employees of the security agency based in Crimea who “betrayed their oath” in 2014 when Russia annexed the peninsula.

It is likely that the SBU referred to Oleksandr Sklianko and Mykola Chernykh, two Armageddon-linked hackers who were added to the European Union sanctions list earlier in June and were previously alleged to be officers in the counterintelligence branch of the FSB in Crimea.

A source in Ukrainian law enforcement confirmed to Recorded Future News that the SBU’s statement indeed referred to Sklianko and Chernykh. The source asked not to be identified so they could speak freely about the case.

The European Council’s sanctions accused the two Russians of conducting cyberattacks “with a significant impact on the governments of EU member states and Ukraine, including by using phishing emails and malware campaigns.” On Tuesday the EU issued a statement condemning Russian “hybrid activities” against critical infrastructure and other targets.

According to the Ukrainian investigation, the attackers carried out more than 5,000 cyberattacks on Ukrainian critical infrastructure facilities and state institutions, including the systems of the Ministry of Foreign Affairs and the Ministry of Economic Development.

The goal of these attacks was “to gain access to electronic documents and servers with secret government data,” the SBU said. The hackers were found guilty of treason and gaining unauthorized access to computers. 

The trial was conducted in the absence of the accused, and their current whereabouts were not specified. The sentence will begin from the date of the actual apprehension of the convicts, according to the statement.

In 2021, Ukraine identified eight members of Armageddon by listening to intercepted phone conversations. Sklianko and Chernykh were among them.

Ukraine stated that Armageddon is one of the most dangerous threat actors targeting the country during its war with Russia. The group primarily conducts cyberespionage operations against Ukrainian security and defense services, but it has also been linked to at least one destructive cyberattack against an unspecified information infrastructure facility.

According to recent research by the Slovakia-based cybersecurity firm ESET, the group has also attempted to attack Ukraine’s allies in several NATO countries, including Bulgaria, Latvia, Lithuania, and Poland. The volume of Armageddon’s attacks on Ukraine is prolific. In 2022 and 2023, researchers observed more than a thousand unique devices in Ukraine targeted by the group.