GRU Unit 29155: Specialists in sabotage and assassinations
The Russian GRU has a number of military units that engage in offensive cyber operations. For instance, Unit 26165, or the 85th Main Special Service Center (GTsSS), has been engaged in cyber operations since as far back as 2004 and is tracked within the security industry as APT28, Sofacy, Pawn Storm, or Fancy Bear. Meanwhile, Unit 74455, or the Main Center for Special Technologies (GTsST), is tracked as Sandworm, Electrum, or Voodoo Bear and has been active since at least 2009. This group is especially well known for its capability to attack critical infrastructure, including damaging cyberattacks against the Ukrainian power grid in 2015, 2016, and 2022 that resulted in blackouts.
By comparison, Unit 29155’s expansion into offensive cyber operations appears to be much more recent, being first observed in 2020. According to the FBI, NSA, and CISA, this unit, officially known as the 161st Specialist Training Center, has traditionally been responsible for attempted coups, sabotage and influence operations, and assassination attempts throughout Europe.
While the other two, more experienced cyber units use bespoke malware, Unit 29155 favors well-known red-teaming techniques coupled with open-source and commercial tools, including vulnerability scanners, network mappers, proof-of-concept exploits copied from GitHub, penetration testing frameworks, public tunneling and proxy software, and more. The custom WhisperGate data-wiping malware appears to be an exception in its arsenal, but even that is not used exclusively by Unit 29155.