Unit 29155, a secretive GRU military intelligence unit based in Moscow, has been known to be linked to assassinations, sabotage, and destabilization efforts across Europe. Its cyber capabilities are a new development and were not previously known.
Offensive cyber operations signal the growing capabilities of Unit 29155, highlighting Russia's strategic emphasis on cyberspace during the full-scale invasion, the Defense Ministry says.
The Ministry wrote:
- On 05 September 2024, the UK National Cyber Security Centre publicly assessed that the Russian Military Intelligence (GRU) Unit 29155 has been responsible for a series of offensive cyber operations targeting victims globally since at least 2020. At least some of the group’s cyber operations have almost certainly been aimed at supporting the Russian invasion of Ukraine.
- Operations have included the ‘WhisperGate’ destructive wiper malware, which was used against Ukrainian targets in 2022. Other activities have included website defacements and network scanning for espionage purposes. WhisperGate was previously attributed to the Russian state; this new advisory specifically links the attack to GRU Unit 29155.
- Unit 29155 is assessed to be responsible for attempted coups, sabotage and influence operations, and assassination attempts throughout Europe. Offensive cyber operations therefore mark a development in the capabilities of Unit 29155. This further highlights the value the Russian state places on cyberspace in the context of their invasion of Ukraine.
- Ukrainian, French cyber experts disable Russian hacker infrastructure during “EndGame” international operation
- Moscow-backed church’s priest accused of spying for Russian military intel in Kharkiv Oblast
- Germany says Russia behind massive cyberattack last year after Berlin decided to send Ukraine tanks
- LRT: Pro-Russian cyber group targets Lithuanian military system
- Russian GRU’s sabotage recruitment in Baltics exposed by journalists
- Ex-Russian GRU officer Salikov exposes Russia’s proxy Ukraine “republics” (full translation)
- Bellingcat IDs GRU agent for occupied Donetsk and possible MH17 witness (2020)