Categories: CyberCrimeSecurity

NCSC Calls Out Cyber-Attacks From Russia’s GRU

The UK’s NCSC and nine international allies have given details of cyber-attack campaigns by a unit of Russia’s military intelligence service, in an unusual move intended to help organisations prepare for potential breach attempts.

The UK’s National Cyber Security Centre (NCSC), part of GCHQ, and agencies in the US, the Netherlands, the Czech Republic, Germany, Estonia, Latvia, Canada, Australia and Ukraine outlined tactics and techniques used by Unit 29155 of Russia’s GRU to carry out cyber-operations against government and critical infrastructure organisations around the world.

The unit, also known as the 161st Specialist Training Centre, has been carrying out attacks since at least 2020, the NCSC said.

It said this was the first time the UK has exposed the unit’s activities.

Image credit: Markus Spiske/Pexels

Espionage

“Unit 29155 is assessed to have targeted organisations to collect information for espionage purposes, caused reputational harm by the theft and leaking of sensitive information, defaced victim websites and undertaken systematic sabotage caused by the destruction of data,” NCSC said in an advisory.

The group is made up of junior active-duty GRU officers and also relies on non-GRU actors including known cyber-criminals and enablers for its operations.

It is distinct from more established GRU-related cyber groups Unit 26165, known as Fancy Bear, and Unit 74455, known as Sandworm.

The NCSC said Unit 29155 was behind deploying Whispergate data-destroying malware against multiple organisations in Ukraine prior to Russia’s invasion of the country in early 2022.

Since then the group has been mainly focused on disrupting international support for Ukraine amidst the ongoing war, the NCSC said.

“The exposure of Unit 29155 as a capable cyber actor illustrates the importance that Russian military intelligence places on using cyberspace to pursue its illegal war in Ukraine and other state priorities,” said director of operations Paul Chichester.

“The UK, alongside our partners, is committed to calling out Russian malicious cyber activity and will continue to do so.”

Whispergate

In May 2022 the UK and allies attributed Whispergate to GRU, but the attribution specifically to Unit 29155 was made for the first time.

“This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe,” said then-UK Foreign Secretary Liz Truss at the time.

The advisory from NCSC and allies gives specific details of the unit’s tactics and indicators of compromise in order to help organisations prepare for possible attacks.

The NCSC urged organisations to take defensive measures such as prioritising patching known vulnerabilities, deploying protective controls and architecture and applying security controls, including testing the organisation’s security programmes against the MITRE ATT&CK for Enterprise framework.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Mark Zuckerberg Overtakes Bezos To Become Second-Richest Man

Billionaire battle. Meta's boss Mark Zuckerberg overtakes Jeff Bezos to become the world’s second richest…

43 mins ago

US, Microsoft Disrupts Russian FSB Hackers

Internet domains used by “Russian intelligence agents and their proxies” for cyberattacks, seized by the…

3 hours ago

Mike Lynch Died From Drowning, Coroner Inquest Rules

UK's tech billionaire Dr Mike Lynch died from drowning on his superyacht, but his daughter's…

6 hours ago

Tesla Recalls 27,000 Cybertrucks Over Rear Camera Issue

Another recall for thousands of Tesla Cybertrucks over delay with rear camera, with could hamper…

23 hours ago

Browser Firms Press EU To Reconsider Microsoft Edge As Gatekeeper

Browser firms write to European Commission alleging Microsoft's Edge web browser enjoys an unfair advantage

1 day ago

Microsoft Invests €4.3 Billion In Italy For AI, Cloud

Data centre and AI spending spree continues over at Microsoft, with Italy earmarked for €4.3…

1 day ago