Unit 29155's actions since 2020 include cyber attacks on a number of federal agencies and critical infrastructure companies in a variety of countries. But the group seems to have switched most of its focus to Ukraine in the weeks prior to the 2022 military invasion.
GRU-affiliated Russian hackers targeted 20 Ukrainian critical infrastructure facilities in March 2024, Ukraine’s Computer Emergency Response Team (CERT-UA) has disclosed.
Leading cybersecurity firm Mandiant believes that a notorious group of Russian hackers is behind a recent rash of attacks on water utilities in several countries, including the United States. On January 18 the group was able to induce a tank overflow at a Texas water treatment plant, and has made similar incursions in France and Poland.
State-sponsored Russian hackers are targeting German political parties with fake dinner invites to deploy WINELOADER backdoors, establish persistence, and exfiltrate data.
Microsoft is now saying that the Russian hackers accessed "some" source code. And while customer-facing systems were not breached, the hackers accessed some confidential emails to customers.
The HPE security breach is not known to be related to the recent announcement from Microsoft that Russian hackers had penetrated the inboxes of its senior leadership. It instead appears to have a connection to a May 2023 attack that the company had previously disclosed.
Microsoft has named "Midnight Blizzard," an established team of Russian state-sponsored hackers also referred to as NOBELIUM and Cozy Bear, as the culprit behind a recent security breach that compromised high-level corporate email accounts.
Russian hackers had access to Ukraine's biggest telecoms provider for most of 2023, and likely had "full access" for at least the months of November and December.
Russian hackers have reportedly accessed surveillance cameras in apartment buildings and parking facilities, and are most interested in those that are near critical infrastructure or air defense systems and can have their viewing angles changed remotely.
Russian hackers have claimed responsibility for recent DDoS attacks against NATO that disrupted a number of its operations, including relief efforts for the Turkish-Syrian earthquake.