Oct 2024
Russian military cyber actors target U.S. and global critical infrastructure
The UK, alongside nine international allies, has publicly attributed a campaign of malicious cyber activity to Russia’s GRU Unit 29155.
Information Security Consultant
These operations were conducted for the purpose of espionage, sabotage and reputational harm, and have believed to have been ongoing since 2020. Paul Chichester the director of operations at the NCSC said: “The UK, alongside our partners, is committed to calling out Russian malicious cyber activity.” The intervention comes as governments in Europe have reportedly witnessed a rise in Russian Espionage in the wake of the Ukrainian war.
Within the arsenal of Unit 29155 is a type of destructive malware called Whispergate, which has two stage to corrupt a system’s master boot record: displaying a fake ransomware note, and encrypting files based on certain file extensions. Although a ransomware message is displayed during the attack, Microsoft highlighted that the targeted data is destroyed and is not recoverable even if a ransom is paid.
As a result of these malicious activities, a new joint advisory has been created by the National Cyber Security Centre (NSCS) and other similar agencies from around the world to help organisations bolster their defences.
Wider context
GRU Unit 29155 operates distinctively from other Russian cyber units like Fancy Bear (Unit 26165) and Sandworm (Unit 74455), leveraging junior GRU officers and cybercriminal collaborations for espionage and sabotage. The exposure of Unit 29155 highlights a trend of Russian cyber operations targeting entities aligned with aid efforts to Ukraine, reflecting broader geopolitical conflicts. WhisperGate is part of Russia's ongoing cyber warfare tactics, which include leveraging destructive malware to destabilise victim organisations and sow confusion. It is believed that the same unit has been carrying out cyber operations since 2020.
Recommendations
NCSC strongly advises the use of the mitigation advice and guidance in the advisory.
According to the advisory there are three main actions that organisations should take today to mitigate malicious cyber activity:
- Prioritise routine system updates and remediate known exploited vulnerabilities
- Segment networks to prevent the spread of malicious activity
- Enable phishing-resistant multifactor authentication (MFA) for all externally-facing account services, especially for webmail, virtual private networks (VPNs), and accounts that access critical systems.
Waterstons has 25+ years' experience across the UK and Australia preparing and protection organisations from cyber threats. We are committed to assisting all organisations to stay agile and prepared in today’s cyber conscious economy.
Empower your organisation today, get in touch with one of our team members.
info@waterstons.com.au l 02 9160 8430