The ASD’s ACSC and other security agencies warn of active Russian military hackers

According to a joint advisory released by CISA, the ASD, and 14 other agencies, Russian hackers are targeting infrastructure in the US and abroad.

David Hollingworth
Fri, 06 Sep 2024

The US Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory warning of Russian military hackers targeting critical infrastructure at home and abroad.

The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) is just one of a raft of other agencies around the world that joined the advisory, including the Canadian Security Intelligence Service, the United Kingdom National Cyber Security Centre, and the Security Service of Ukraine.

According to CISA and its partners, threat actors with links to the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) have been working on network operations against targets across the globe since at least 2020. The hackers’ aims have been sabotage, espionage, and causing reputational harm to their victims.

GRU Unit 29155 has also been observed deploying a particularly nasty malware known as WhisperGate against multiple targets in Ukraine since January 2022.

“FBI, NSA, and CISA assess Unit 29155 is responsible for attempted coups, sabotage and influence operations, and assassination attempts throughout Europe,” CISA said in its advisory.

“Unit 29155 expanded their tradecraft to include offensive cyber operations since at least 2020. Unit 29155 cyber actors’ objectives appear to include the collection of information for espionage purposes, reputational harm caused by the theft and leakage of sensitive information, and systematic sabotage caused by the destruction of data.”

The group appears to be made up of active-duty GRU junior officers but commanded by more skilled leadership. They’re also known to have been assisted by cyber criminals in some of their operations.

Unit 29155 has targeted organisations in NATO member nations in the US and Europe, as well as throughout the rest of Europe, Central Asia, and Latin America.

“The activity includes cyber campaigns such as website defacements, infrastructure scanning, data exfiltration, and data leak operations,” CISA said.

“These actors sell or publicly release exfiltrated victim data obtained from their compromises. Since early 2022, the primary focus of the cyber actors appears to be targeting and disrupting efforts to provide aid to Ukraine.

“To date, the FBI has observed more than 14,000 instances of domain scanning across at least 26 NATO members and several additional European Union (EU) countries. Unit 29155 cyber actors have defaced victim websites and used public website domains to post exfiltrated victim information.”

The hackers are known to target critical infrastructure entities in financial and government services, the energy sector, and transportation.

Unit 29155 takes advantage of several publicly available tools in its operations, including Acunetix, Netcat, Shodan, and VirusTotal.

You can read the full report here.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
