The US Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. GRU Unit 29155 cyber actors began deploying the destructi
gru (5)
The US Department of Justice claims that it has disrupted a botnet controlled by the Russian state-sponsored hacking group Forest Blizzard, also known as Fancy Bear. The Russian hackers' targets include US and foreign governments, military entities, and security and corporate organizations. The FBI operation copied and deleted stolen files and other data from the compromised routers and, working with local Internet service providers, the FBI then informed the owners and operators of the routers.
Microsoft says it's blocked GRU cyber operations directed against US, European, and Ukrainian targets. Redmond calls the group "Strontium," in its metallic naming convention for threat groups, but the threat actor is also known as APT28 and, of course, Fancy Bear. The disruption was a familiar (and entirely praiseworthy) takedown. Microsoft explained, "On Wednesday April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these a
In August 2020, the NSA and FBI published a joint security alert containing details about a previously undisclosed Russian malware. The entire report can be viewed here
The agencies say that the Linux strain malware has been developed and deployed in real-world attacks by Russian military hackers. The FBI says, “The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165, whose activity is sometimes identified by the private sector
Almost five years ago, the Russian hackers known as Sandworm hit western Ukraine with the first-ever cyberattack to cause a blackout. A never-before-seen act of cyber warfare that turned out the lights for over 250,000 Ukrainians. Since then, Sandworm has perpetrated countless destructive attacks; another blackout on the Ukrainian capital of Kyiv, the release of the NotPetya worm in 2017 that spread globally and eventually caused $10 billion in damage, and an attack that temporarily crippled t