The UK, alongside nine international allies, has publicly identified Russia’s GRU Unit 29155 as responsible for a series of cyber attacks and digital sabotage targeting governments and critical infrastructure worldwide, according to a press release.

This is the first time the UK has directly linked such activities to this specific Russian military intelligence unit, which has been involved in malicious cyber operations since at least 2020.

Unit 29155, a division within the GRU (Russia’s military intelligence service), has expanded its operations from traditional espionage to offensive cyber actions, including the deployment of Whispergate malware against Ukrainian organisations.

The malware, deployed prior to Russia’s 2022 invasion of Ukraine, aimed to disrupt and destroy data. The joint advisory, issued by the UK’s National Cyber Security Centre (NCSC) and international partners, reveals that the unit has caused reputational damage and sabotage by stealing and leaking sensitive information.

Paul Chichester, Director of Operations at the NCSC, stated, “The exposure of Unit 29155 as a capable cyber actor illustrates the importance that Russian military intelligence places on using cyberspace to pursue its illegal war in Ukraine and other state priorities.” He urged organisations to follow the advisory’s guidance, saying, “The NCSC strongly encourages organisations to follow the mitigation advice and guidance included in the advisory to help defend their networks.”

The advisory, developed with input from agencies in countries such as the United States, Germany, Canada, and Ukraine, outlines the tactics used by Unit 29155 and contrasts its operations with other GRU-linked cyber groups like Fancy Bear (Unit 26165) and Sandworm (Unit 74455).

Unit 29155’s role appears to be broader, engaging in offensive cyber operations. The unit reportedly relies on cyber criminals and other non-GRU actors to conduct some of its activities.

While the UK and its allies had previously attributed the use of Whispergate malware to Russian military intelligence in 2022, this latest advisory identifies Unit 29155 as the group specifically responsible.

George Allison
George has a degree in Cyber Security from Glasgow Caledonian University and has a keen interest in naval and cyber security matters and has appeared on national radio and television to discuss current events. George is on Twitter at @geoallison

LEAVE A REPLY

Please enter your comment!
Please enter your name here