The US and its allies have linked a group of Russian hackers (tracked as Cadet Blizzard and Amber Bear) behind global critical infrastructure attacks to Unit 29155 of Russia’s Main Directorate of the General Staff of the Armed Forces (also known as the GRU).
In a joint advisory published today, the Russian GRU military intelligence hackers, known for deploying the WhisperGate data-wiping malware in Ukraine as of January 2022, are described as “junior active-duty GRU officers” who are part of the GRU’s 161st Specialist Training Center and coordinated by veteran Unit 29155 leadership.
The group has been planning sabotage and assassination attempts across Europe since 2020, along with cyberattacks against critical infrastructure sectors of NATO members and countries in North America, Europe, Latin America and Central Asia, including Ukraine, as well as attempts to disrupt relief efforts in 2022.
A joint investigation published by The Insider in April, in cooperation with 60 Minutes and Der Spiegel, also implicated the GRU’s Unit 29155 in the Havana syndrome events.
“Unit 29155 expanded its tradecraft to include offensive cyber operations beginning in at least 2020. The objectives of Unit 29155’s cyber actors include information gathering for espionage purposes, theft and leakage of sensitive information, reputational damage, and organized sabotage including destruction of data,” according to today’s joint advisory.
“These individuals appear to gain cyber experience and increase their technical skills through cyber operations and intrusions. Additionally, FBI assesses Unit 29155 cyber actors rely on non-GRU actors, including known cybercriminals and enablers, to conduct their operations.”
The FBI says it detected more than 14,000 incidents of domain scanning targeting at least 26 NATO members and several European Union (EU) countries. Hackers affiliated with Russia’s Unit 29155 have defaced websites and used public domains to leak stolen data.
Today, the US State Department also announced rewards of up to $10 million through its Rewards for Justice program for information on Vladislav Borovkov, Denis Igorevich Denisenko, Yuriy Denisov, Dmitry Yuryevich Goloshubov, and Nikolay Aleksandrovich Korchagin, five of the Russian military intelligence officers believed to be part of the GRU’s Unit 29155.
“These individuals are members of Unit 29155 of the Russian General Staff Intelligence Directorate (GRU), which has conducted malicious cyber activities against critical US infrastructure, particularly the energy, government and aerospace sectors,” the State Department said.
“These Unit 29155 GRU officers are responsible for targeting critical infrastructure in Ukraine and dozens of allied Western countries.”
The five GRU officers and civilian Amin Timovich (indicted in June for the WhisperGate attack) were also charged today for their involvement in cyberattacks targeting Ukraine before Russia invaded in February 2022, and 26 NATO members.
Critical infrastructure organizations are urged to take immediate action, including prioritizing system updates and remediating known vulnerabilities, to defend against these GRU-linked cyberattacks.
Additional recommendations include segmenting networks to contain malicious activity and implementing phishing-resistant multifactor authentication (MFA) for all external services, especially webmail, virtual private networks (VPNs), and accounts that access critical systems.
After attacks against Ukraine in February 2022 using the WhisperGate wiper malware, the HermeticWiper malware, and ransomware decoys, CISA and the FBI warned that destructive malware cyberattacks could spread to targets in other countries.
On Wednesday, the US also announced a crackdown on Russian disinformation ahead of the 2024 election, with the seizure of 32 web domains used by the Russian-linked Doppelgänger influence operation network to push disinformation and propaganda targeting the American public ahead of that year’s presidential election.