Who Is Behind WikiLeaks.ru, Which Publishes Documents Obtained Through Cybercrime  Targeting Georgia and Armenia?

Update 11/02/2026 – The article has been updated to include information from a letter received from Georgia’s Ministry of Internal Affairs.

• As in the case of Georgia and Ukraine, Armenia has also become a Kremlin target on biosecurity-related topics. Confidential documents from official Georgian and Armenian institutions obtained through cybercrime and uploaded to Russian-language WikiLeaks are being used by Kremlin propaganda to divert attention toward artificially constructed threats.

• Russian-language WikiLeaks claims that due to the position of Georgia’s current government, the “threat” allegedly emanating from the Lugar Laboratory has “practically disappeared,” while the “American curators of the Lugar Laboratory have moved to Armenia.”

• The documents presented as evidence of specific allegations are of a simulated nature and largely repeat previously circulated disinformation.

• Despite the fact that the documents about Georgia uploaded to Russian WikiLeaks were obtained through cybercrime and that the targeted institutions fall under the category of critical information system entities, Myth Detector initially did not receive a response from the relevant law enforcement body. Following the publication of this article in Georgian, Myth Detector received a response from the Ministry of Internal Affairs stating that, on September 3, 2020, an investigation was launched under Article 284, Part 1 of the Criminal Code of Georgia regarding unauthorized access to the internal file servers of the Ministry of Health.

On November 28, 2025, an article titled “Biolab Lugara Files” (archive link) was published on Russian-language WikiLeaks (WikiLeaks.ru), in which the authors state that they dedicate their investigation to people who died as a result of what they call the most dangerous disease of the century, COVID-19, and for this purpose, they publish secret documents about the Lugar Laboratory in Georgia, allegedly leaked from government agencies and obtained from computer systems over various years.

In the article, Georgia’s Lugar Research Center is portrayed as an instrument used by the United States to spread biological threats across the region. According to the authors, it is a Pentagon-run laboratory operating under diplomatic cover, which, at the request of Americans, conducts experiments on the local population using artificial infections, and from which dangerous pathogens spread to neighboring states, specifically Dagestan (Russian Federation).

The documents were published on the website in two stages. In the second stage, on December 12, 2025, the published data included files obtained from Georgia dated 2020 and 2021, as well as documents obtained from the U.S. Embassy in Armenia. As stated during a presentation by Tim Stigal, identified as the website’s editor, Georgia currently has a “normal government,” as a result of which the “threat has practically disappeared,” and the American curators of the Lugar Laboratory have moved to Armenia. The authors claim that these documents confirm the illegal transfer of dangerous pathogens in Armenia with U.S. involvement and experiments conducted using them.

In cooperation with its Armenian partner organization, the fact-checking platform CivilNetCheck, Myth Detector examined the Georgian- and Armenian-language documents published on Russian WikiLeaks 2.0.

The files uploaded to Russian WikiLeaks concerning Georgia and Armenia are used as simulated evidence, as they are irrelevant to the allegations that this outlet and other Kremlin-aligned media have been cultivating for years.

What documents about Georgia are uploaded on WikiLeaks.ru?

Russian-language WikiLeaks.ru disseminates documents dated 2018, 2020, and 2021 related to Georgia’s Ministry of Health and the Richard Lugar Center for Public Health Research. According to the authors, their first archive, obtained in 2018, includes 24,560 files and 54,582 emails. Among the documents uploaded to the website are:

• Data obtained from the official email accounts of eight senior officials of the Ministry of Health, namely Minister Davit Sergeenko, Deputy Ministers Tamar Gabunia and Maia Lagvilava, Minister’s Assistant Sopo Belkania, Heads of the International Relations Department Marina Mkurnali and Maia Nikoleishvili, Head of the Policy Department Ekaterine Adamia, and Tamta Kobakhidze, a representative of USAID’s Health System Strengthening Project.
  
• The authors also claim that “in addition to emails,” they “also obtained documents from the computers of other employees in government agencies.”
  
• According to the authors, folders uploaded to the website also contain the building plan of the National Center for Disease Control and Public Health. Both the Ministry and the Center are listed as entities of critical information systems.

An analysis of the data uploaded to the website shows that:

• In reality, 52 files have been uploaded, which include additional internal files and documents. At the end of the article, it is stated that the material consists of 24,560 documents and will be updated regularly.
  
• In addition to Davit Sergeenko, the name of another Minister of Health, Ekaterine Tikaradze, also appears in the files.
  
• Contrary to WikiLeaks.ru’s claims, we did not find information about secret research allegedly conducted at the Lugar Laboratory in the “secret documents” file. This file consists of numerous working documents and includes memoranda, information on vaccine donations, agreements, grants, audits, communication with other agencies, and more.
  
• In the documents uploaded under the name of Sopo Belkania (an employee of the Ministry of Health), it is indeed stated that the United States financed various projects, including those related to bacteria and vaccines; however, none of them involve secret experiments. The documents reflect ongoing projects, grant-funded initiatives, and other types of information. The same file includes grant projects funded by the World Health Organization, the Defense Threat Reduction Agency, the Walter Reed Army Institute of Research (the grant is intended for organizational and technical support of utility costs), the Global Fund (a project on quality diagnostics and treatment of all forms of tuberculosis), UNICEF (a project to strengthen the capacities of the Social Service Agency), UN Women (a project against violence against women), and others.

What Allegations Does WikiLeaks.ru Publish About Georgia, and What Do the Documents Actually Show?

The allegations disseminated by Russian-language WikiLeaks regarding the Lugar Laboratory are largely based on older publications by Bulgarian journalist Dilyana Gaytandzhieva, who is affiliated with the Russian Ministry of Defense TV channel “Zvezda” and Hezbollah. These claims have been fact-checked multiple times in the past by Myth Detector.

Claim: The Lugar Center conducted secret experiments on coronavirus using bats, which were later continued at the Wuhan laboratory from which the “global COVID-19 epidemic” allegedly spread.

Fact: Experiments involving bats are conducted not only in Georgia but also in laboratories around the world, including Russia, since bats are reservoirs for coronaviruses and many other viruses.

The research cited by Russian WikiLeaks was not classified. It has been published in the annual reports of the International Science and Technology Center (ISTC), the Centers for Disease Control of Georgia and the United States, and in the doctoral dissertation of a senior specialist at the National Center for Disease Control. The file uploaded by WikiLeaks.ru contains this very dissertation.

For more on the bat-related allegations, see Myth Detector’s fact-checked materials:

• Five False Allegations Against Richard Lugar Laboratory of Tbilisi 
• How did official documents leak and what experiments are Georgian scientists carrying out on bats?

Claim: Experiments on dangerous pathogens were conducted at the Lugar Laboratory, targeting Georgian citizens.

Fact: The claim that experiments on dangerous pathogens were carried out at the Lugar Laboratory is based solely on older articles by the Bulgarian journalist affiliated with TV Zvezda. These articles themselves rely on individual pieces of official correspondence and documents, which are used to simulate evidence.

For more on this issue, see Myth Detector’s earlier publications:

• How Kremlin Tries to Cover up Russian Trace in Skripal Case with Lugar Laboratory
• How Were Documents about Lugar Lab Leaking from the Ministry of Health before the Cyberattack?
• Bulgarian Journalist Disseminates Disinformation Regarding Military Personnel Research in Georgia and Ukraine
• Who and How Uses Official Documents to Spread Disinformation

Claim: Dangerous pathogens spread from the Lugar Laboratory to neighboring countries, specifically to Dagestan. As an example, the 2015 outbreak of lumpy skin disease (LSD) in cattle is cited.

Fact: The claim that nodular dermatitis spread from Georgia to Dagestan or other territories in 2015 is unfounded. For the disease to have spread from the Lugar Laboratory to other areas, cases would first have had to be detected within the operational area of the laboratory, which did not occur.

According to the Food and Agriculture Organization of the United Nations (FAO), the disease spread actively in Eastern Europe, Mongolia, and Russia in 2016. In Georgia, the disease was recorded for the first time in history only in November 2016, with four cases identified exclusively in the Racha region.

For more details, see Myth Detector’s article:

• Lugar Laboratory is Once Again Accused of Spreading Diseases, Now on the Occupied Territories

What Documents About Armenia Are Uploaded on WikiLeaks.ru?

The second set of files published on WikiLeaks.ru (approximately 300 files) concerns Armenia. They are placed in the section “Files from US Embassy in Erevan” and include:

• Projects related to cooperation in biosecurity and healthcare: A decree of the Armenian government on the establishment of a coordinating council to prevent the proliferation of technologies, pathogens, and information related to the development of biological weapons;
  documents on the modernization of laboratories of Armenia’s Ministry of Health in cooperation with the United States and on training personnel in epidemiology.

The website also contains documents that, according to the authors, were obtained from the U.S. Embassy in Yerevan and allegedly support the following claims:

• A letter from Dan Hastings, First Secretary of the U.S. Embassy in Armenia, allegedly requesting that the Armenian government conceal possible violations of the Biological and Toxin Weapons Convention (BTWC).
• A letter sent to Mike Pompeo on behalf of members of Congress, calling for support for the new Prime Minister, Nikol Pashinyan, and his initiatives.

The Armenia-related documents uploaded to the site were analyzed by CivilNetCheck

The titles and descriptions of the files often do not match their content. Some documents do correspond to their descriptions and represent ordinary diplomatic or official correspondence. In addition to documents directly related to biosecurity, healthcare, and confidential correspondence of the U.S. Embassy, Russian-language WikiLeaks also contains materials on Armenia-EU relations, Armenia-NATO relations, Armenian-American bilateral relations, USAID, EU and UN projects, and other topics unrelated to biological laboratories.

It is also noteworthy that among the approximately 300 documents in the archive, none of the documents related to biological laboratories are secret, confidential, or classified.

What Allegation Does WikiLeaks.ru Make About Armenia, and What Do the Documents Actually Show?

Claim: At the request of the United States, Armenia violated the Biological and Toxin Weapons Convention (BTWC), and the Armenian authorities deliberately concealed these violations.

Fact: No official document confirming such allegations has been uploaded to Russian-language WikiLeaks. Therefore, this claim is unsupported by evidence.

Russian-language WikiLeaks claimed in its article that a letter from Dan Hastings, First Secretary of the U.S. Embassy in Armenia, proved violations of the BTWC and their deliberate concealment. However, among the official documents published on WikiLeaks.ru, no document of such content or any officially signed letter by Dan Hastings can be found.

Dan Hastings’ name appears only once in the archive, in a technical document titled “BTRP June 2008 Schedule,” which outlines the itinerary of a U.S. delegation’s visit to Yerevan in June 2008. In this document, Hastings is listed as the Control Officer responsible for coordinating the visit, including meeting the delegation at the airport and accompanying them to the hotel. No documents link him to biological weapons or secret negotiations.

At the same time, the documents contain an editable Word document whose authenticity cannot be verified. This file, titled “Pentagon General Counsel Findings Armenia.doc,” is apparently presented as evidence of alleged convention violations and attributed to Hastings. However, it is not an officially certified document – it bears no seal, signature, or official letterhead – and its authenticity is therefore questionable.

Notably, even the content of this unauthenticated text fundamentally contradicts the allegations presented in the article. The text is written as a legal opinion of the General Counsel of the U.S. Department of Defense and explicitly states that the agreement signed between Armenia and the United States for the implementation of the Biological Threat Reduction Program (BTRP) fully complies with the requirements of the Biological and Toxin Weapons Convention.

The document further explains that the transfer of pathogens envisaged by the agreement does not require additional secret (classified) documents for its implementation.

What Do We Know About WikiLeaks.ru?

In the “About Us” section of the website, it is stated that WikiLeaks 2.0 is a special project of the anti-globalist movement and part of a public franchise of a multinational media organization and its affiliated libraries, whose first version was founded by Julian Assange.

On December 1, 2025, the leadership of WikiLeaks, operating under a Russian domain, held a press conference at the headquarters of the Kremlin propaganda outlet TASS, where they claimed that WikiLeaks’ old domain had been replaced with a Russian one (.ru) in order to prevent a “possible blocking.” However, in the archived versions we found that the site has been using the Russian domain (WikiLeaks.ru) since at least 2011.

According to WHOIS data, the website was registered in Russia in 2009, and its owner is a private individual whose identity is concealed.

Who Leads Russian WikiLeaks 2.0?

In the authors’ section of the WikiLeaks.ru website, three individuals are listed: Julian Assange, Alex Ionov, and Tim Stigal. Assange is named as the former Chief Executive Officer, Ionov as the current Chief Executive Officer, and Stigal as the Chief Editor.

Ionov and Stigal participated in the December 1 press conference at TASS, where Tim Stigal stated that the documents obtained about the Lugar Laboratory prove what “dangerous experiments” the United States allegedly financed in Georgia, including those related to COVID-19.

It is noteworthy that the press conference was also attended by Mamuka Pipia, International Secretary of the Kremlin-aligned party operating in Georgia, Solidarity for Peace, who asked several questions of the speakers.

• Alexander Ionov

Alexander (Alex) Ionov is the leader of the Anti-Global Movement of Russia, an organization that cooperates with various separatist movements around the world. Ionov is wanted by the United States, which has offered a reward of up to $10 million for information leading to his arrest. He is accused of recruiting U.S. citizens to act in the interests of Russia and has been officially charged with “conspiring to have U.S. citizens act as illegal agents of the Russian government.” 

According to official charges, he acted on behalf of the Russian Federation’s intelligence services and controlled political groups in Florida, Georgia, and California in an attempt to influence the U.S. political system and elections. One of the movement’s objectives was the secession of the state of California from the United States.

Official sources also state that Ionov cooperated with Yevgeny Prigozhin’s “Project Lakhta,” which disseminated disinformation to support preferred candidates during elections and to deepen socio-political divisions in the United States. It is also noteworthy that the former Republican Louis Marinelli, a leading advocate of California’s secession and head of the “Yes, California” movement, was linked to the Anti-Global Movement and Ionov. Marinelli opened a self-proclaimed “Embassy of California” in Moscow and lived in Yekaterinburg.

• Tim Stigal 

Tim Stigal, who stated in a 2024 interview with Voice of America that his legal name is Timur Magomadov, is, like Alex Ionov, wanted by the United States on multiple criminal charges. According to U.S. authorities, between 2014 and April 2016, Stigal allegedly participated in four separate conspiracies aimed at stealing payment card data. In one such case, Stigal allegedly threatened to release stolen personal data unless a ransom was paid.

Tim Stigal is also one of the figures in an investigation conducted by The Insider, which concerned the GRU’s special unit 29155, particularly its hacker group. According to The Insider, Stigal possessed a fake passport under the name Danila Magomedov, which he used for travel. Notably, leaked documents cited by The Insider indicate that he also used this document to enter Georgia. Stigal reportedly met at least one “witness” who was later used in reports about the Lugar Laboratory by Bulgarian journalist Dilyana Gaytandzhieva, who is affiliated with the Kremlin and Hezbollah. According to The Insider, Stigal’s greatest success as a state hacker may be that no cybersecurity expert or intelligence agency has ever officially linked him to the GRU, particularly not to its “black operations” unit. His name has also been linked to the May 2016 breach of QNB, Qatar’s largest state-owned bank, during which 1.5 GB of customer data was stolen.
It is also noteworthy that Amin Stigal, Tim Stigal’s son, is also wanted by the United States for criminal cyber activity. According to the FBI, Stigal, identified as a civilian linked to the GRU’s Unit 29155, allegedly participated in a conspiracy alongside five Russian intelligence officers. Their targets reportedly included computer systems associated with Ukraine’s critical government infrastructure. They are also suspected of targeting and compromising critical infrastructure in Western countries. They are accused of participating in a hacking conspiracy aimed at deploying destructive malware and carrying out other disruptive actions for Russia’s strategic benefit.

Tim and Amin Stigal deny the charges. In an interview with Voice of America, Amin Stigal called the U.S. accusations “complete nonsense and lies.”

Response of Georgian Law Enforcement to Cybercrime

To find out whether an investigation had been launched and whether any results had been achieved in relation to the extraction of official documents from Georgian government agencies published on WikiLeaks.ru, which the site’s authors claim were obtained through unauthorized access to computers, we requested information from the Ministry of Health and the Ministry of Internal Affairs. We also inquired about the outcomes of investigations into document leaks from the same institutions in 2019. As of the publication of this article, Myth Detector has not received a response from the relevant authorities.

Previous Cyberattacks

• In 2018, documents leaked from Georgia’s healthcare system and published by Dilyana Gaytandzhieva were identified by Myth Detector. At that time, then-Minister of Health Davit Sergeenko stated that his correspondence and other documents had likely been obtained during a hacking attack. In a letter sent to the Media Development Foundation on January 6, 2020, the Ministry of Internal Affairs reported that a criminal investigation had been initiated on October 3, 2019, under charges of unauthorized access to a computer system and violation of the secrecy of private correspondence, telephone conversations, or other communications.
• In 2020, media outlets, citing the Ministry of Internal Affairs, reported a cyberattack launched from abroad against the Ministry of Health’s central office and its structural units, specifically the Lugar Laboratory. According to the statement released by the Ministry of Internal Affairs, hackers stole documents and critical information related to pandemic management and uploaded them in falsified form to a foreign website. At the initial stage, the Ministry did not disclose the country from which the attack originated. An investigation was launched under Article 284 of Georgia’s Criminal Code.

Since documents and official correspondence dated 2021 and intended for the Ministry of Health appear on Russian WikiLeaks, it is likely that data continued to be obtained from state institutions through cybercrime even after the 2018 and 2020 incidents. This is also confirmed by official emails belonging to Minister Ekaterine Tikaradze and a letter addressed to her from the Global Health Center of the U.S. Centers for Disease Control and Prevention (CDC).

Response of Armenian Law Enforcement Authorities

In response to a letter sent by CivilNetCheck, Armenia’s National Security Service stated that the published files reflect cooperation between various Armenian institutions and the U.S. Department of Defense’s Defense Threat Reduction Agency dating back to the early 2000s, but that the documents are not classified.

“[…] We inform you that the links indicated in the request contain numerous documents in both Armenian and English. The documents concern cooperation between the U.S. Department of Defense’s Defense Threat Reduction Agency and several state institutions of the Republic of Armenia, dating back to the early 2000s. The documents do not bear ‘secret’ classification markings, are uploaded in scanned copy form, and there is no information available regarding the manner of their disclosure. The National Security Service of the Republic of Armenia has no additional information,” reads the letter.

Archive links (1;2;3;4;5;6;7)