A federal indictment alleges six Russian hackers sought to infiltrate computer systems in several NATO countries, including one in Maryland, before mounting cyberattacks on Ukrainian government entities in what one official called the “first shot of the war” between the two countries.

On Thursday, federal authorities announced charges of conspiracy to commit computer intrusion and wire fraud conspiracy against the six in what’s known as the “WhisperGate” campaign, expanding the indictment of one Russian civilian announced in June.

The superseding indictment unsealed Thursday adds to the charges against 22-year-old Amin Stigal, who allegedly conspired with five officers of Russian military intelligence agency Main Intelligence Directorate, of the General Staff, or GRU, to conduct cyber operations on systems in Ukraine and its allies — including the U.S.

Officials from the Department of Justice, U.S. Attorney for the District of Maryland and the FBI Baltimore field office announced the indictment at a news conference Thursday, as several agencies continue working to thwart Russian cyber attacks. The U.S. Department of State’s Rewards for Justice program has maintained a reward of up to $10 million for information on each individual in the case.

“The message is clear to the GRU and to the Russians, we are on to you. We penetrated your systems,” said Matt Olsen, assistant attorney general for national security.

On Jan. 13, 2022, a month before Russia’s full-scale invasion of Ukraine, the alleged hackers targeted computer systems of Ukrainian government entities for emergency services, agriculture, education and science agencies unrelated to the military defense sector. These WhisperGate attacks were conducted using services from an unknowing U.S. company.

“Seeking to sap the morale of the Ukrainian public, the defendants also stole and leaked the personal data of thousands of Ukrainian civilians, including by posting patient health information and other sensitive private data for sale online, and then taunting those victims,” Olsen said.

The same day, the alleged hackers displayed a message on compromised websites reading, “Ukrainians! All information about you has become public, be afraid and expect the worst. This is for your past, present and future.”

To “cover their tracks,” Olsen said, the alleged hackers then posed as criminals engaged in ransomware attacks. They left ransom notes, Olsen said, demanding Bitcoin payments to return the victim’s data, knowing that the data and computers had already been destroyed.

“Through strokes on a keyboard, these criminals crossed over borders into countries hunting to find weaknesses and seeking to harm,” said Bill DelBagno, special agent in charge of the FBI Baltimore field office. “The WhisperGate malware attack in January of 2022 could be considered the first shot of the war.”

The military officers, identified as Vladislav Borovkov, Denis Denisenko, Yuriy Denisov, Dmitriy Goloshubov and Nikolay Korchagin, are alleged members of Unit 29155 of GRU, and the indictment alleges that their cyber operations began around 2020.

They scanned the computer systems of 26 NATO countries seeking to find vulnerabilities or ways to gain access and hacked transportation infrastructure for a Central European country that offered aid to Ukraine, the indictment alleges.

A U.S. government agency based in Maryland was among the systems probed by the alleged hackers, getting scanned 63 times. Authorities did not name the agency impacted by the hackers. According to DelBagno, the alleged hackers also illegally accessed bank accounts in the U.S., committing fraud. However, DelBagno said he does not have reason to believe the average American citizen was affected by the cyber attacks.

The public deserves to know about the threats caused by cybercriminals, U.S. Attorney for the District of Maryland Erek Barron said, and cyber criminals should know their actions will not be ignored.

The FBI, government partners and other countries are launching a joint cyber security advisory to detail how cyberattacks are conducted, and how they can be prevented, DelBagno said, and Interpol will partner in bringing the indictment “to fruition.”

The indictment sends a message to the alleged hackers, but the erasure of Ukrainian’s data is also a reminder of the vigilance required to protect valuable information of individuals and companies from cyber attacks, DelBagno said.

“That’s why this is important for all of us to include, from Maryland to Americans across the U.S. to our NATO allies, to understand that these vulnerabilities need to be protected and that the potential of your personal information is the job of the FBI and our partners to help protect that,” DelBagno said.