The Russian threat actors responsible for worldwide attacks on critical infrastructure, tracked as Cadet Blizzard and Ember Bear, have been linked by the United States and its allies to Unit 29155 of the Main Directorate of the General Staff of the Armed Forces (GRU).
Joint Advisory Released: Key Information
According to a joint advisory released recently, the Russian military intelligence hackers, who are notorious for using the data-wiping malware WhisperGate in Ukraine in January 2022, are “junior active-duty GRU officers” who work under the direction of seasoned Unit 29155 leadership and are a part of GRU’s 161st Specialist Training Center.
The group has been responsible for conducting sabotage and assassination attempts throughout Europe, as well as cyberattacks against critical infrastructure sectors of NATO members and countries across Europe, North and Latin America, and Central Asia since 2020.
Unit 29155 has expanded its tradecraft to include offensive cyber operations since at least 2020. Unit 29155 cyber actors’ objectives appear to include the collection of information for espionage purposes, reputational harm caused by the theft and leakage of sensitive information, and systematic sabotage caused by the destruction of data.
U.S. and Allies Joint Advisory (Source)
The advisory mentions that individuals linked to the unit appear to be enhancing their technical skills and gaining cyber experience by conducting cyber-related operations and intrusions.
Furthermore, the FBI assesses that the unit’s threat actors rely on non-GRU actors, including known cyber-criminals and enablers, to conduct their operations.
Over 14,000 instances of domain scanning targeting at least 26 NATO member nations, along with several EU nations, were detected by the FBI.
To protect themselves from these GRU-linked intrusions, critical infrastructure organizations are advised to act right away, giving priority to system updates and patching known exploited vulnerabilities.
To limit malicious activity, it is also advised to segment the network and require phishing-resistant multi-factor authentication (MFA) for all externally facing services, especially webmail, virtual private networks (VPNs), and accounts with access to critical systems.