In a coordinated effort, cybersecurity and intelligence agencies from eleven countries, including the United States, the Netherlands, and the United Kingdom, have revealed the true identity of the notorious hacking group known as Cadet Blizzard. This group, also operating under aliases such as Ember Bear and UNC2589, has been linked to the Russian military's GRU Unit 29155, responsible for a series of global cyberattacks since 2020.
Cadet Blizzard's destructive activities gained prominence in January 2022 when they unleashed the WhisperGate malware on Ukrainian organizations just prior to Russia's full-scale invasion. The group's focus then shifted towards disrupting aid efforts to Ukraine and targeting critical infrastructure sectors such as government services, finance, transportation, energy, and healthcare across NATO members, the European Union, and other countries.
Lately, they've zeroed in on disrupting aid to Ukraine, targeting critical infrastructure like government services, finance, transportation, energy, and healthcare across NATO, the EU, and other regions.
This announcement is part of a joint effort called Operation Toy Soldier, involving cybersecurity and intelligence agencies from numerous countries. Cadet Blizzard gained wider notoriety in early 2022 for deploying destructive malware against Ukraine just before Russia's full-scale invasion.
Evidence indicates that Unit 29155's malicious activities extend beyond cyberattacks, including alleged involvement in attempted coups, sabotage, influence operations, and even assassination attempts across Europe.
The U.S. Department of Justice (DoJ) has charged five GRU officers linked to Cadet Blizzard for their role in these attacks, aiming to spread fear and disrupt Ukrainian systems.
A reward of up to $10 million is being offered for information leading to their capture or the disruption of their activities. This group has a history of attempted coups, sabotage, and even assassination attempts in Europe, and has expanded its tactics to include cyber warfare in recent years.
Their cyberattacks aim to steal sensitive data, leak it to cause harm, and destroy valuable information. They employ a mix of junior GRU officers and civilian hackers to achieve their goals.
Their attacks typically start with scanning for vulnerabilities in systems, followed by breaching networks, stealing data, and then either leaking it publicly or selling it.
Organisations are advised to keep their systems updated, fix known security holes, and use strong multi-factor authentication to protect themselves.