GRU Unit 29155: Specialists in sabotage and assassinations
The Russian GRU has several military units that engage in offensive cyber operations. For instance, Unit 26165, or the 85th Main Special Service Center (GTsSS), has been engaged in cyber operations since as far back as 2004 and is tracked within the security industry as APT28, Sofacy, Pawn Storm, or Fancy Bear. Meanwhile, Unit 74455, or the Main Center for Special Technologies (GTsST), is tracked as Sandworm, Electrum, or Voodoo Bear and has been active since at least 2009. This group is especially well known for its capability to attack critical infrastructure, including destructive cyberattacks against the Ukrainian power grid in 2015, 2016, and 2022 that resulted in blackouts.
By comparison, Unit 29155's expansion into offensive cyber operations appears to be far more recent, being first observed in 2020. According to the FBI, NSA, and CISA, this unit, formally known as the 161st Specialist Training Center, has traditionally been responsible for attempted coups, sabotage and influence operations, and assassination attempts throughout Europe.
While the other two more experienced cyber units use bespoke malware, Unit 29155 favors well-known red-teaming techniques coupled with open-source and commercial tools, including vulnerability scanners, network mappers, proof-of-concept exploits copied from GitHub, penetration testing frameworks, public tunneling and proxy software, and more. The custom WhisperGate data-wiping malware appears to be an exception in its arsenal, but even that is not used exclusively by Unit 29155.