Russian hackers are targeting global critical infrastructure
Russian state-sponsored hackers are trying to gain insight into and disrupt aid to Ukraine by targeting critical infrastructure in the United States and other Western countries.
These covert cyber operations are conducted by members of Unit 29155, a unit of Russia’s military intelligence agency (GRU) that is deployed to spy on, sabotage, and harm Western organizations. To date, its targets include numerous NATO members as well as countries in Europe, Latin America, and Central Asia.
According to the Cybersecurity and Infrastructure Security Agency (CISA), Unit 29155 deployed destructive wiper malware against multiple Ukrainian victim organizations as early as January 2022. The group is known for exploiting publicly known vulnerabilities in internet-facing products such as Atlassian Confluence Server and Data Center, Sophos Firewall, and Dahua Security devices.
“FBI, NSA, and CISA assess Unit 29155 is responsible for attempted coups, sabotage and influence operations, and assassination attempts throughout Europe. Unit 29155 expanded their tradecraft to include offensive cyber operations since at least 2020. Unit 29155 cyber actors’ objectives appear to include the collection of information for espionage purposes, reputational harm caused by the theft and leakage of sensitive information, and systematic sabotage caused by the destruction of data,” according to CISA’s joint advisory.
Additionally, the FBI suspects that Unit 29155 relies on non-GRU actors to conduct their cyber operations, including known cybercriminals.
To date, the FBI has observed more than 14,000 instances of domain scanning across at least 26 NATO members and several additional EU countries. Unit 29155 has defaced victim websites and used public website domains to post stolen victim data. Its main targets are organizations in critical infrastructure sectors, including government services, financial services, transportation systems, energy, and healthcare.
To protect against these threats, the agencies behind the joint advisory call on organizations to implement mitigation measures: prioritize system updates and remediate known exploited vulnerabilities, segment networks to limit lateral movement, deploy endpoint detection and response (EDR), and enforce phishing-resistant multi-factor authentication (MFA) on all internet-accessible services, such as email, VPNs, and accounts with access to critical systems.