German counterintelligence reports activation of Russian GRU cyber group
On Monday, 9 September, the German Federal Office for the Protection of the Constitution (Bundesverfassungsschutz), together with the FBI, the US Cyber Security Agency CISA, the NSA, and other international partners, issued a warning to the group known as UNC2589.
According to Censor.NET, Reuters reports this.
It is noted that the group's malicious cyber activity is aimed at critical infrastructure around the world. It is associated with the Russian military unit 29155 of the Main Intelligence Directorate.
The publication reminded that the GRU unit to which the group belongs is suspected of involvement in the poisoning of former Russian double agent Sergei Skripal and his daughter Yulia in the UK in 2018.
Cyberattacks are used for espionage and sabotage and are often accompanied by hacking into websites and publishing stolen data. In particular, hackers were responsible for the WhisperGate campaign, during which malware was used against the IT systems of Ukrainian government agencies on the night of 14 January 2022 to overwrite data on infected systems. Numerous Ukrainian government websites were also attacked.
The group attacked networks in NATO member states in Europe and North America, as well as in Latin America and Central Asia. The targets of the cyberattacks were critical infrastructure, government agencies, and companies in the financial, transport, energy, and healthcare sectors.
According to the German agency, since the beginning of 2022, the main goal of the cyber group has apparently been to spy on and impede the flow of aid to Ukraine. More than 14,000 cases of domain scanning have already been registered in 28 NATO and EU countries, including Germany.
As a reminder, the United States accuses six Russian citizens of cyberattacks on Ukrainian government computer systems before Russia's full-scale invasion of Ukraine.
