The United States government, together with a coalition of international partners, has formally attributed the Russian hacking group tracked as Cadet Blizzard to the GRU's 161st Specialist Training Center, better known as Unit 29155. The joint advisory credits the unit with cyber operations conducted for espionage, sabotage, and reputational harm since at least 2020.
According to the agencies, Unit 29155 cyber activity has intensified since early 2022 and is aimed chiefly at disrupting efforts to provide aid to Ukraine amid Russia's ongoing military aggression. Targets have included critical infrastructure and key resource sectors, among them government services, financial services, transportation systems, energy, and healthcare, in NATO member states, the European Union, and Central American and Asian countries.
The advisory, released alongside a coordinated law-enforcement action named Operation Toy Soldier, was issued jointly by cybersecurity and intelligence authorities from the U.S., the Netherlands, the Czech Republic, Germany, Estonia, Latvia, Ukraine, Canada, Australia, and the United Kingdom. Cadet Blizzard, also tracked as Ember Bear and Ruinous Ursa, came to prominence in January 2022 when it deployed the destructive WhisperGate wiper against multiple Ukrainian organizations in the weeks before Russia's full-scale invasion.
In June 2024, the U.S. indicted a Russian national, Amin Timovich Stigal, for his alleged role in the WhisperGate attacks on Ukrainian targets. The group's operations are not limited to Stigal's activity: as Unit 29155 expanded its targeting to other nations supporting Ukraine, the U.S. also charged five GRU officers assigned to the unit with conspiracy to commit computer intrusion and wire fraud.
The U.S. Department of Justice (DoJ) describes the aim of the campaign as sowing concern among the Ukrainian public about the safety of government systems and personal data. The same actors went on to target computer systems in countries that supported Ukraine, systems the DoJ notes had no military significance.
The advisory states that Unit 29155 carries out a range of offensive cyber operations: gaining initial access by exploiting known vulnerabilities in internet-facing systems, moving laterally through victim networks, and exfiltrating data. It maps the observed tradecraft to MITRE ATT&CK, covering techniques such as exploiting public-facing applications, establishing persistence on compromised hosts, and maintaining access over command-and-control channels. The agencies also report website defacements, infrastructure scanning, data exfiltration, and data leak operations in which stolen information is either published or sold to other parties.
The actors have additionally relied on the Raspberry Robin malware as an initial access broker, and have conducted password spraying attacks against victims' Microsoft Outlook Web Access (OWA) infrastructure to obtain valid credentials.
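Password spraying of an exposed OWA endpoint, as described above, has a recognizable shape in authentication logs: one source tries many accounts a few times each, rather than hammering one account. The following detector is an added example written for this article, not code from the advisory or the agencies; the log format, IP addresses (RFC 5737 documentation ranges), and account names are constructed for illustration. It flags spraying sources and, more importantly, any account that a spraying source subsequently logged on to, since that credential must be treated as compromised.

```python
"""Detect password spraying against an externally exposed web-auth endpoint
(e.g. Outlook Web Access) from authentication logs.

Added example; the log format below is constructed for illustration and is
not a real product's format. A spray looks like one source trying MANY
accounts a FEW times each, which distinguishes it from a brute force of a
single account and from one user mistyping their own password.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <client IP> <account> <FAIL|SUCCESS>".
# 203.0.113.5 sprays six accounts once each, then authenticates as mnguyen.
# 198.51.100.7 brute-forces a single account (not a spray).
# 192.0.2.10 is a normal user who mistypes once and then succeeds.
SAMPLE_LOG = """\
2024-09-05T08:00:01Z 203.0.113.5 jsmith FAIL
2024-09-05T08:00:31Z 203.0.113.5 achen FAIL
2024-09-05T08:01:02Z 203.0.113.5 bpatel FAIL
2024-09-05T08:01:30Z 203.0.113.5 rgarcia FAIL
2024-09-05T08:02:05Z 203.0.113.5 dkumar FAIL
2024-09-05T08:02:40Z 203.0.113.5 mnguyen FAIL
2024-09-05T08:00:10Z 198.51.100.7 admin FAIL
2024-09-05T08:00:20Z 198.51.100.7 admin FAIL
2024-09-05T08:00:30Z 198.51.100.7 admin FAIL
2024-09-05T08:00:40Z 198.51.100.7 admin FAIL
2024-09-05T08:00:50Z 198.51.100.7 admin FAIL
2024-09-05T08:01:00Z 198.51.100.7 admin FAIL
2024-09-05T08:03:15Z 192.0.2.10 tlee FAIL
2024-09-05T08:03:25Z 192.0.2.10 tlee SUCCESS
2024-09-05T09:45:00Z 203.0.113.5 mnguyen SUCCESS
"""


def parse_log(text):
    """Parse the constructed log into (timestamp, ip, account, success) tuples,
    sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, account, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       ip, account, outcome == "SUCCESS"))
    return sorted(events)


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Return {ip: sorted accounts} for every source IP whose failed logons, within
    any sliding `window`, touch at least `min_accounts` distinct accounts while no
    single account is tried more than `max_per_account` times. A single account
    hammered many times is a brute force, not a spray, and is deliberately not
    reported here."""
    failures = defaultdict(list)          # ip -> [(ts, account)] in time order
    for ts, ip, account, success in events:
        if not success:
            failures[ip].append((ts, account))
    sprays = {}
    for ip, attempts in failures.items():
        for i, (start, _) in enumerate(attempts):
            in_window = [acct for ts, acct in attempts[i:] if ts - start <= window]
            counts = Counter(in_window)
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                sprays[ip] = sorted(set(in_window) | set(sprays.get(ip, [])))
    return sprays


def find_spray_successes(events, sprays):
    """Return (ip, account) pairs where a source flagged as spraying also produced a
    successful logon: the spray paid off and that credential is compromised."""
    return [(ip, account) for _, ip, account, success in events
            if success and ip in sprays]


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    sprays = detect_spray(evts)
    for ip, accounts in sprays.items():
        print(f"password spray from {ip}: {len(accounts)} accounts tried: {', '.join(accounts)}")
    for ip, account in find_spray_successes(evts, sprays):
        print(f"ALERT: {ip} sprayed and then authenticated as {account}; "
              f"reset the credential and confirm MFA was enforced")
```

The thresholds are deliberately conservative defaults: a large office behind a single NAT address can legitimately produce several distinct failing users in a few minutes, so tune `min_accounts` and the window against your own baseline, and treat the "spray followed by success" pairing, not the spray alone, as the high-severity signal.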
To reduce exposure, the agencies advise organizations to keep systems updated, prioritize patching of known exploited vulnerabilities, and segment networks to limit lateral movement once a host is compromised. They further recommend enforcing phishing-resistant multi-factor authentication (for example FIDO2/WebAuthn or certificate-based methods) on all externally facing account services, which directly blunts the OWA password spraying described above.
The advisory is a reminder that state-sponsored groups remain a persistent threat, and that the fundamentals of patching, segmentation, and strong authentication are what protect sensitive data and operational integrity against them.
Source Link : https://thehackernews.com/2024/09/us-offers-10-million-for-info-on.html