ALLIES UNCOVER RUSSIAN MILITARY HACKERS: UK and allies uncover Russian military unit carrying out cyber-attacks
GEÓ NewsTeam 2 months agoTuesday, 17 September 2024
GEÓ VOICE: ALLIES UNCOVER RUSSIAN MILITARY HACKERS – UK and allies uncover Russian military unit carrying out cyber-attacks and digital sabotage for the first time.
Syndicated by GEÓ PRWire Channel Team – Gibraltar
GEÓPoliticalMatters.com/PRWire
First for Geopolitical Intel
UK and allies uncover Russian military unit carrying out cyber attacks and digital sabotage for the first time
The NCSC and partners call out Russian GRU cyber actors Unit 29155 for campaign of malicious cyber activity since at least 2020.
• The UK and nine international allies call out Russian military actors for computer network operations for espionage, sabotage and reputational harm purposes
• GRU Unit 29155 has expanded its tradecraft to include offensive cyber operations and deployed Whispergate malware against Ukrainian victim organisations
• UK organisations encouraged to follow advice to help defend against online threats
The UK and international allies have today (Thursday 5 September ) exposed a unit of Russia’s military intelligence service for a campaign of malicious cyber activity targeting government and critical infrastructure organisations around the world.
In a new joint advisory, the National Cyber Security Centre (NCSC) – a part of GCHQ – and agencies in the United States, the Netherlands, Czech Republic, Germany, Estonia, Latvia, Canada, Australia and Ukraine have revealed the tactics and techniques used by Unit 29155 of the Russian GRU to carry out cyber operations globally.
Unit 29155 is assessed to have targeted organisations to collect information for espionage purposes, caused reputational harm by the theft and leaking of sensitive information, defaced victim websites and undertaken systematic sabotage caused by the destruction of data.
It is the first time the UK has publicly exposed Unit 29155, also designated as 161st Specialist Training Centre, as being responsible for carrying out malicious cyber activity, which it has undertaken since at least 2020.
Since 2022, the group’s overall aim seems to have been to target and disrupt efforts to provide aid to Ukraine. Today, the UK and allies can confirm that it was Unit 29155 specifically that was responsible for deploying the Whispergate malware against multiple victims across Ukraine prior to Russia’s invasion in 2022.
To prevent these malicious activities impacting UK organisations, the NCSC strongly advises network defenders to follow the recommended actions set out in the advisory to bolster their cyber resilience.
Paul Chichester, NCSC Director of Operations, said:
“The exposure of Unit 29155 as a capable cyber actor illustrates the importance that Russian military intelligence places on using cyberspace to pursue its illegal war in Ukraine and other state priorities.
“The UK, alongside our partners, is committed to calling out Russian malicious cyber activity and will continue to do so.
“The NCSC strongly encourages organisations to follow the mitigation advice and guidance included in the advisory to help defend their networks.”
The advisory says the Unit, which is assessed to be made up of junior active-duty GRU officers, also relies on non-GRU actors, including known cyber criminals and enablers to conduct their operations. The group differs to more established GRU-related cyber groups Unit 26165 (Fancy Bear) and Unit 74455 (Sandworm).
The NCSC has previously exposed details about malware operations used by cyber actors from Russia’s military intelligence to target the Ukrainian military and also called for organisations to take action following Russia’s attack on Ukraine.
In May 2022, the UK and allies attributed the use of Whispergate malware in Ukraine to Russia’s military intelligence service but this new advisory goes further by attributing its deployment specifically to Unit 29155.
About GEO´ PRWire Channel
Our PR Wire Channel Management Team provide direct, immediate, highly cost-effective access to our entire Geopolitical contacts network including our proprietary Userbase of 232k* individually named, profiled & GDPR compliant CSuite industry influencers and policy makers, across the Banking & Finance, Insurance, Manufacturing, Technology, Aviation and Maritime industries as well as NGOs and Government Departments Worldwide. (*Up 41% year on year) Post your First Release Free!