FORT MEADE, Md. – The National Security Agency (NSA) joins the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and international allies in publishing the Cybersecurity Advisory (CSA) “Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure” to detail malicious activity used for the purposes of espionage, sabotage, and reputational harm since at least 2020.
The authoring agencies assess cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for the malicious activity. The report includes recommended mitigations to improve cybersecurity posture.
“This Cybersecurity Advisory contains comprehensive information about GRU Unit 29155 cyber actors and their cyber activity,” said Dave Luber, NSA’s Cybersecurity Director. “It is important for organizations to use this information and take immediate action to secure data and mitigate any harm caused by these malicious cyber actors.”
According to the CSA, the GRU Unit 29155 Cyber Component is responsible for deploying the destructive WhisperGate malware against Ukrainian victim organizations as early as January 2022. Additionally, Unit 29155 cyber actors have conducted computer network operations against numerous North Atlantic Treaty Organizations (NATO) in Europe and North American, as well as in Latin America and Central Asia. The activity includes destructive cyber campaigns, infrastructure scanning, and data exfiltration, with a primary focus since early 2022 of disrupting aid to Ukraine.
The CSA’s authors recommend taking the following actions today to mitigate malicious cyber activity:
- Prioritize routine system updates and remediate known exploited vulnerabilities.
- Segment networks to prevent the spread of malicious activity.
- Enable phishing-resistant multifactor authentication (MFA) for all externally facing account services, especially for webmail, VPN, and accounts that access critical systems.
Other U.S. agencies and allies co-sealing the CSA are the U.S. Department of the Treasury, the U.S. Department of State (Rewards for Justice program), the United States Cyber Command Cyber National Mission Force (CNMF), the Netherlands Defence Intelligence and Security Service (MIVD), Czech Military Intelligence (VZ), the Czech Republic Security Information Service (BIS), the German Federal Office for the Protection of the Constitution (BfV), the Estonian Internal Security Service (KAPO), the Latvian State Security Service (VDD), Security Service of Ukraine (SBU), Computer Emergency Response Team of Ukraine (DERT-UA), the Canadian Security Intelligence Service (CSIS), the Communications Security Establishment Canada (CSE), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), and the United Kingdom National Cyber Security Centre (NCSC-UK).
Read the full report here.
Visit our full library for more cybersecurity information and technical guidance.
NSA Media Relations
MediaRelations@nsa.gov
443-634-0721