TLDR:
- Russian military hackers, specifically linked to GRU Unit 29155, are targeting critical infrastructure in the U.S. and globally through cyber attacks.
- The cyber actors aim to gather data for espionage, damage reputations, and disrupt data through various cyber operations.
NSA, FBI, CISA, and other allies have identified the cyber actors linked to the Russian General Staff Main Intelligence Directorate (GRU) Unit 29155 as responsible for conducting computer network operations against global targets. Starting in January 2022, these actors launched attacks using the WhisperGate malware against Ukrainian victim companies. This malware is designed to resemble ransomware and has targeted various government, non-profit, and information technology companies in Ukraine.
The objectives of these cyber actors seem to include gathering data for espionage, damaging reputations via stealing and disclosing confidential information, and causing intentional disruption of data. The FBI has identified the cyber actors as junior GRU officers guided by experienced Unit 29155 leadership.
These Russian hackers, known as Cadet Blizzard and Ember Bear, have been identified by U.S. authorities for extensive attacks on vital U.S. infrastructure. The cyber operations by Unit 29155 actors have also targeted members of NATO in Europe and North America, as well as countries in Europe, Latin America, and Central Asia, involving activities like data exfiltration and infrastructure scanning.
The attackers have exploited vulnerabilities in systems accessible over the Internet, using tools like Acunetix, Amass, Nmap, and Shodan for scanning and exploiting vulnerabilities. They have also used VPNs to conceal their operations and have targeted relief initiatives in Ukraine.
Organizations are advised to prioritize system upgrades, segment networks, and enable phishing-resistant multi-factor authentication for all externally facing account services. The NSA’s Cyber Security Director emphasizes the importance of taking immediate action to secure data and mitigate harm from these malicious cyber actors.