ASD ACSC and other security agencies warn of active Russian military hackers

According to a joint advisory published by CISA, ASD and 14 other agencies, Russian hackers are attacking infrastructure in the US and abroad.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about Russian military hackers attacking critical infrastructure at home and abroad.

The Australian Signals Directorate’s (ASD) Australian Cyber Security Center (ACSC) is one of a number of agencies around the world that joined CISA in the advisory, including the Canadian Security Intelligence Service, the National Cyber Security Center of the United Kingdom and the Ukrainian Security Service.

According to CISA and its partners, threat actors linked to the 161st Specialist Training Center of the Main Intelligence Directorate of the Russian General Staff (GRU) (Unit 29155) have been conducting network operations against targets around the world since at least 2020. Those operations have involved sabotage, espionage and damage to the reputation of their victims.

GRU Unit 29155 has also been observed deploying particularly nasty malware known as WhisperGate against multiple targets in Ukraine since January 2022.

“The FBI, NSA, and CISA assess that Unit 29155 is responsible for coup attempts, sabotage and influence operations, and assassination attempts throughout Europe,” CISA said in its advisory.

“Unit 29155 expanded its craft to include offensive cyber operations since at least 2020. The objectives of Unit 29155 cyber actors appear to include information gathering for espionage purposes, reputational damage caused by theft and leaking of confidential information and systematic sabotage caused by data destruction.”

The group appears to be made up of junior GRU officers on active duty, but commanded by more capable leaders. It is also known that they have had the help of cybercriminals in some of their operations.

Unit 29155 has targeted organizations in NATO member countries in the US and Europe, as well as the rest of Europe, Central Asia, and Latin America.

“The activity includes cyber campaigns such as website defacement, infrastructure scanning, data exfiltration and data leak operations,” CISA said.

“These actors sell or publicly disclose exfiltrated victim data obtained from their engagements. As of early 2022, the primary goal of cyber actors appears to be to attack and disrupt efforts to provide aid to Ukraine.

“To date, the FBI has observed more than 14,000 domain scanning cases in at least 26 NATO members and several additional European Union (EU) countries. Cyber actors from Unit 29155 have defaced victims’ websites and used public website domains to post exfiltrated victim information.”

The Unit 29155 hackers are known to attack critical infrastructure entities in financial and government services, the energy sector, and transportation.

Unit 29155 leverages several publicly available tools in its operations, including Acunetix, Netcat, Shodan, and VirusTotal.

You can read the full report here.
