U.S. and Germany Warn of Cyber Attacks by Russian Military Intelligence

The Cybersecurity and Infrastructure Security Agency (CISA) in the United States along with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), Germany’s Intelligence Agency, and other international partners shared an advisory warning about Unit 29155 a threat group belonging to Russian military intelligence (GRU).

According to Reuters, German authorities claimed that this group performed attacks against NATO and multiple countries in the European Union. Berlin has been accusing Russia of multiple attacks on local organizations and businesses—in IT, logistics, aerospace, and defense sectors—for months.

U.S. authorities explained that Unit 29155 has also been responsible for deploying malware WhisperGate against Ukrainian organizations in January 2022.

“These cyber actors are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020,” states the document recently shared by CISA.

The agency also acknowledges the independence of this group, as the GRU also has other malicious organizations like Unit 74455 and Unit 26165.

CISA shared a few recommendations to businesses and organizations to mitigate attacks like fixing every known vulnerability and constantly running system updates, segmenting networks, and enabling multi-factor authentication (MFA) “for all externally facing account services, especially for webmail, virtual private networks (VPNs), and accounts that access critical systems.”

Through a press release, the Office of Public Affairs of the U.S. The Department of Justice also revealed last Thursday that six computer hackers—five of them officers in Unit 29155—have been charged with conspiracy and fraud allegations. The U.S. government is currently offering $10 million for information on the defendants’ activities or locations.

A few weeks ago, the U.S. also banned software company Kaspersky for its ties to the Kremlin. Just a couple of days ago, a few outages of popular platforms like Telegram, WhatsApp, Skype, Discord, and YouTube were reported in Russia and experts have suggested that the Russian government might have been involved in cyberattacks as part of censorship strategies and control of online communications.