Russian GRU Unit 29155 accused of cyber attacks on global critical infrastructure
The United States and its allies, including the UK, have accused the Russian military of launching cyberattacks on global critical infrastructure. The FBI, NSA, and CISA have jointly published an advisory implicating cyber actors linked to the Russian GRU 161st Specialist Training Center, specifically Unit 29155, which has been active since 2020.
The group deployed WhisperGate malware against Ukrainian organizations in January 2022 and has targeted NATO members in North America and Europe, as well as entities in Latin America and Central Asia. Their operations have encompassed website defacements, infrastructure scanning, data exfiltration, and data leaks.
The advisory warns that Unit 29155 cyber actors focus on critical infrastructure and key resource sectors such as government services, financial services, transportation systems, energy, and healthcare. Erich Kron, a security awareness advocate at KnowBe4, expressed concern over the ability of adversaries to infiltrate systems undetected and potentially disrupt essential tools and services.
Kron emphasized the importance of prioritizing system updates, addressing known vulnerabilities, segmenting networks to prevent malware spread, and implementing phishing-resistant multifactor authentication. These defensive measures are crucial in safeguarding against cyber threats targeting critical infrastructure and ensuring the resilience of vital systems.