The recent cyber attacks attributed to Russian hacking group Cadet Blizzard have been linked back to the General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center, known as Unit 29155.
The U.S. government and international partners have identified Cadet Blizzard as responsible for espionage, sabotage, and reputational harm since 2020, with a recent focus on disrupting aid to Ukraine.
Key sectors targeted by these attacks include government services, financial services, transportation, energy, and healthcare, affecting NATO members, the EU, and other countries.
The joint advisory from cybersecurity and intelligence authorities highlights Cadet Blizzard’s deployment of WhisperGate malware in Ukraine, leading to destructive operations before the military invasion.
In response, the U.S. Department of Justice has charged five officers associated with Unit 29155 for cyber intrusion and wire fraud conspiracy, with a $10 million reward for information on their whereabouts.
Unit 29155 is believed to engage in coups, sabotage, and assassination attempts across Europe, expanding to include offensive cyber operations targeting sensitive information for espionage and reputational harm.
Unit 29155, composed of GRU officers, relies on cybercriminals and civilian enablers to conduct website defacements, data exfiltration, and data leak operations, targeting vulnerabilities in various systems.
Organizations are advised to prioritize system updates, enforce network segmentation, and implement multi-factor authentication to mitigate the risks posed by Cadet Blizzard and similar threat actors.