The UK and like-minded allies have called out a unit of Russia’s military intelligence service for malicious cyber activity, such as the use of malware, against governments and critical infrastructure. The UK’s National Cyber Security Centre (NCSC) – a part of the listening agency GCHQ – and similar agencies in the United States, the Netherlands, Czech Republic, Germany, Estonia, Latvia, Canada, Australia and Ukraine have set out the tactics and techniques used by Unit 29155 of the Russian GRU.
According to the document, ‘Unit 29155 is responsible for attempted coups, sabotage and influence operations, and assassination attempts throughout Europe. Unit 29155 expanded their tradecraft to include offensive cyber operations since at least 2020. Unit 29155 cyber actors’ objectives appear to include the collection of information for espionage purposes, reputational harm caused by the theft and leakage of sensitive information, and systematic sabotage’.
Paul Chichester, NCSC Director of Operations, said: “The exposure of Unit 29155 as a capable cyber actor illustrates the importance that Russian military intelligence places on using cyberspace to pursue its illegal war in Ukraine and other state priorities. The UK, alongside our partners, is committed to calling out Russian malicious cyber activity and will continue to do so.
“The NCSC strongly encourages organisations to follow the mitigation advice and guidance included in the advisory to help defend their networks.”
To give more detail, the advisory says the unit, which is assessed to be made up of junior active-duty GRU officers, also relies on non-GRU actors, including ‘known cyber-criminals and enablers’. The targets are NATO countries and others in Europe, Latin America, and central Asia. The actions: ‘website defacements, infrastructure scanning, data exfiltration, and data leak operations’. “These actors sell or publicly release exfiltrated victim data obtained from their compromises. Since early 2022, the primary focus of the cyber actors appears to be targeting and disrupting efforts to provide aid to Ukraine.”
For the 36-page advisory document, visit the website of the US federal agency the Cybersecurity and Infrastructure Security Agency (CISA).
Cyber policy people from NATO countries and Asia-Pacific partners have been meeting this month at the Cyber Champions Summit in Sydney.
Comment
David Critchley, Regional Director for UK and Ireland at Armis, said: “With Russia ramping up its recent cyber activity across the globe, condemnation from the NCSC and its allies comes as no surprise. And it confirms UK IT leaders’ fears according to recent Armis research: that Russia is an even bigger threat to global security than China.
“This latest NCSC report underscores the urgent need for UK organisations to bolster defences against geopolitically motivated attacks, especially those targeting critical infrastructure which could have serious economic and societal consequences.”





