Hacking efforts as part of this campaign began in 2020, and included attacks on Ukrainian groups ahead of Russia’s invasion, along with critical infrastructure organizations in NATO member states.
The United States and nine allied nations on Thursday formally accused the Russian government of masterminding cyberattacks in 2020 on Ukrainian critical infrastructure, among many other targets.
The joint statement was put out the day after the Justice Department took separate steps to call out Russian malicious cyber activity, underlining the ongoing threat posed by Moscow’s hackers to U.S. and allied nation networks.
A who’s who
The FBI, the Cybersecurity and Infrastructure Security Agency and the National Security Agency — in conjunction with agencies from the Netherlands, Germany, Estonia, the Czech Republic, the United Kingdom, Latvia, Australia, Canada and Ukraine — put out a joint alert on the cyberattacks.
The countries pinned the attacks, which largely used a type of malware known as “WhisperGate,” on GRU Unit 29155, a Russian military hacking group. Hacking efforts as part of this campaign began in 2020, and included attacks on Ukrainian groups in January 2022 ahead of Russia’s invasion, along with critical infrastructure organizations in government, transportation, financial, health and other sectors in NATO member states. The attack on Ukraine in 2022, which involved wiping out government and private sector systems, was previously blamed on Russia by the U.S. and the European Union.
In addition, the Justice Department on Thursday unveiled indictments against five individuals alleged to be GRU officers involved in Unit 29155, along with a sixth Russian civilian alleged to have worked with them. The State Department also took action, offering a $10 million reward per person for information that could lead to arrests of those indicted.
Massive targeting pool
According to the FBI, this hacking activity included more than 14,000 observed instances of scanning networks in more than 20 NATO member states and European nations, along with targeting of groups in Central American and Asian nations. The attacks often involved the defacement of websites or the exfiltration and posting of stolen data online.
The agencies assessed that Unit 29155 was under the direction of GRU officers but used cybercriminals to help carry out their operations. The Justice Department accused the group of carrying out attacks, including the probing of an unnamed Maryland-based U.S. government agency between August 2021 and February 2022, and of hacking the transportation infrastructure of an unnamed Central European nation supportive of Ukraine in mid-2022.
Seeing the full picture
Tanel Sepp, the Estonian ambassador at large for cyber diplomacy, told POLITICO Thursday that the delay in calling out Russia enabled the impacted nations to better understand the full scope of the incidents.
“Now, we can prove it, and put concrete names behind these attacks,” Sepp said. The attribution Thursday marked the first time in history that the Estonian government, a regular target of suspected Russian-linked cyberattacks, has formally attributed cyberattacks aimed at its systems to another nation. The attacks included compromises of three Estonian ministries total in late 2020, including the Estonian Foreign Ministry.
Politico
More about:
