The Truth Behind Unit 29155: A Closer Look at Russian Cyber-Attacks
Recent revelations have shed light on a clandestine cyber warfare unit within the Russian military. The US, UK and seven other governments have come forward, accusing the Russian military of launching cyber-attacks targeting critical infrastructure for espionage and sabotage purposes.
Unit 29155, affiliated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), has been identified as the culprit behind these malicious activities. This unit is believed to have been carrying out cyber operations against global targets since at least 2020, aiming to engage in espionage, sabotage, and reputational harm.
Unveiling Unit 29155’s Tactics
Unit 29155’s cyber actors have a diverse range of targets, including North Atlantic Treaty Organization (NATO) members, countries in Europe, Latin America, Central Asia, and beyond. They focus on critical infrastructure sectors like government services, transport, energy, and healthcare.
The recent exposure of Unit 29155’s cyber capabilities has highlighted the unit’s use of destructive malware, such as the WhisperGate wiper malware, deployed against Ukrainian government and critical sector organizations prior to Russia’s invasion of Ukraine in February 2022.
This marks the first time Unit 29155 has been directly linked to malicious cyber campaigns. The cyber actors within this unit operate independently from other established GRU-affiliated cyber groups, showcasing a new and dangerous cyber threat landscape.
The Expansion to Cyber Campaigns
In addition to traditional espionage and influence operations, Unit 29155 has recently expanded its tradecraft to include offensive cyber operations. These operations aim to steal data, cause reputational harm, and engage in “systematic sabotage” by destroying valuable information.
The cyber actors within Unit 29155 are believed to be junior active-duty GRU officers under the guidance of experienced leadership. They are also known to collaborate with non-GRU actors, including cybercriminals, to bolster their operations.
Protecting Against Unit 29155 Attacks
In light of these revelations, cybersecurity agencies have outlined key recommendations for organizations to protect against Unit 29155’s cyber tactics. These recommendations include prioritizing patching, conducting regular vulnerability scans, limiting exploitable services, utilizing government cybersecurity services, implementing network segmentation, and securing sensitive data.
It is crucial for organizations to stay vigilant and proactive in defending against sophisticated cyber threats like those posed by Unit 29155.
Six Russians Charged for Cyber-Attacks
On the same day as the advisory’s release, a US court charged six Russians, including five officers from Unit 29155, for cyber-attacks on Ukraine and other countries. These individuals were involved in deploying the WhisperGate malware and targeting critical infrastructure around the world.
The US Department of State’s Rewards for Justice program is offering a substantial reward for information on the defendants’ locations or cyber activities.
This story was updated on September 6, 2024.