The United States, together with allies such as the UK, has accused the Russian military of launching cyber-attacks on global critical infrastructure entities with the aim of espionage, sabotage, and damaging reputations. The FBI, NSA, and CISA have collaborated on a joint advisory that identifies the cyber actors linked to the Russian GRU 161st Specialist Training Center, also known as Unit 29155. This group has been operational since 2020 and started using WhisperGate malware against Ukrainian organizations in January 2022.
Apart from targeting Ukrainian victims with the malware, Unit 29155 has also engaged in network operations against multiple members of NATO in North America and Europe, as well as entities in Latin America and Central Asia. These activities include website defacements, infrastructure scanning, data exfiltration, and leaking of sensitive information.
According to the advisory, “Unit 29155 cyber actors are known to target critical infrastructure and key resource sectors, including government services, financial services, transportation systems, energy, and healthcare sectors.” The concern is not only overt attacks on critical infrastructure but also potential threats that remain hidden until they manifest in crises.
Erich Kron, a security awareness advocate at KnowBe4, emphasized the gravity of adversaries gaining access to systems without detection and using this access to disrupt essential tools, utilities, or communication systems. Kron highlighted that vendors providing services to critical infrastructure partners are particularly susceptible to such attacks. To combat these evolving threats, organizations are advised to prioritize regular system updates, address known vulnerabilities, segment networks to contain malware, and implement phishing-resistant multifactor authentication for critical accounts.
In a rapidly evolving cyber landscape, the need for vigilance and proactive defense measures is more critical than ever. The nefarious activities of cyber actors affiliated with Unit 29155 underscore the importance of enhancing cybersecurity practices and fostering collaboration among nations to combat malicious cyber operations. As the digital realm becomes increasingly intertwined with everyday life, safeguarding critical infrastructure from cyber threats remains a paramount concern for governments, businesses, and individuals worldwide.

