Priya Patel
TLDR:
- New joint advisory from CISA, FBI, and NSA ties recent cyber attacks on critical infrastructure to Russian GRU unit known as Unit 29155.
- Unit 29155, also called Cadet Blizzard or Ember Bear, is a special Russian intelligence unit focused on attacking foreign critical infrastructure since at least 2020.
New CISA Report Ties Recent Cyber Attacks on Critical Infrastructure to Russian Intelligence Unit
A recent joint advisory from CISA, FBI, and NSA has identified a distinct Russian General Staff Main Intelligence Directorate (GRU) unit, known as Unit 29155, as responsible for recent cyber attacks on critical infrastructure. This unit, also referred to as Cadet Blizzard or Ember Bear, has been actively targeting foreign critical infrastructure since at least 2020, with a particular focus on Ukraine.
The report highlights that Unit 29155 is different from other well-known Russian threat actors and appears to be relatively new to cyber attacks. Composed mostly of junior active-duty GRU officers, the group is being trained by more experienced leadership to play a larger role in espionage and cyber attacks.
One of the notable aspects of Unit 29155’s operations is its use of the highly destructive “WhisperGate” malware, observed since January 2022. The group has targeted federal agencies in various countries, including the US, UK, Canada, Australia, and Latvia, before shifting its focus to Ukraine prior to the 2022 military invasion.
Despite the group’s relatively short time in cyber operations, CISA warns that Unit 29155 poses a significant threat to critical infrastructure. The report also suggests that the group collaborates with Russian cyber criminal groups, although specific details about these partnerships remain undisclosed.
In light of these findings, cybersecurity experts emphasize the importance of patching known vulnerabilities, implementing multi-factor authentication, and staying vigilant against potential cyber attacks, particularly from Unit 29155 and other advanced threat actors leveraging common red teaming techniques and publicly available tools.
