The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. GRU Unit 29155 cyber actors began deploying the destructive WhisperGate malware against multiple Ukrainian victim organizations as early as January 13, 2022. These cyber actors are separate from other known and more established GRU-affiliated cyber groups, such as Unit 26165 and Unit 74455. Author: AlienVault
Related Tags:
UAC-0056
UNC2589
Frozenvista
Ember Bear
Cadet Blizzard
WhisperGate
T1596
T1595
T1590
Associated Indicators:
B9E64B58D7746CB1D3BED20405EF34D097AF08C809D8DAD10B9296B0BEBB2B0B
923EB77B3C9E11D6C56052318C119C1A22D11AB71675E6B95D05EEB73D1ACCD6
489AB4819830D231C3FC3572C5386CAD9D18773A8121373EA8174DE981CC9166
9EF7DBD3DA51332A78EFF19146D21C82957821E464E8133E9594A07D716D892D
FD4A5398E55BEACB2315687A75AF5AA15B776B5D36B9800A1792EDE3955616C2
DCBBAE5A1C61DBBBB7DCD6DC5DD1EB1169F5329958D38B58C3FD9384081C9B78
163932F1D39D2AE140BCF89AEE6D514F65902CE8B4D46C7061C1CC94EB2A25B2
AA79AFBF82B06CDA268664B7C83900D8F7A33E0F0071FACBA0B3D8F7A68CE56A
0DD61A16C625C49FFEFAF4CE24CABF9A074028A06640D9BBB804F735FF56DFA3