Back

Russian Military Cyber Actors Target US and Global Critical Infrastructure

Sept. 9, 2024, 8:30 a.m.

Tags

2024-09-09
cadet blizzard
whispergate
ember bear
frozenvista
unc2589
uac-0056
gru unit 29155

External References

https://www.cisa.gov/

https://otx.alienvault.com/

Description

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. GRU Unit 29155 cyber actors began deploying the destructive WhisperGate malware against multiple Ukrainian victim organizations as early as January 13, 2022. These cyber actors are separate from other known and more established GRU-affiliated cyber groups, such as Unit 26165 and Unit 74455.

Date

Published Created Modified
Sept. 9, 2024, 8:02 a.m. Sept. 9, 2024, 8:02 a.m. Sept. 9, 2024, 8:30 a.m.

Indicators

fd4a5398e55beacb2315687a75af5aa15b776b5d36b9800a1792ede3955616c2

dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78

db5a204a34969f60fe4a653f51d64eee024dbf018edea334e8b3df780eda846f

b9e64b58d7746cb1d3bed20405ef34d097af08c809d8dad10b9296b0bebb2b0b

aa79afbf82b06cda268664b7c83900d8f7a33e0f0071facba0b3d8f7a68ce56a

9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d

923eb77b3c9e11d6c56052318c119c1a22d11ab71675e6b95d05eeb73d1accd6

35feefe6bd2b982cb1a5d4c1d094e8665c51752d0a6f7e3cae546d770c280f3a

489ab4819830d231c3fc3572c5386cad9d18773a8121373ea8174de981cc9166

29ae7b30ed8394c509c561f6117ea671ec412da50d435099756bbb257fafb10b

163932f1d39d2ae140bcf89aee6d514f65902ce8b4d46c7061c1cc94eb2a25b2

0dd61a16c625c49ffefaf4ce24cabf9a074028a06640d9bbb804f735ff56dfa3

1AVNM68gj6PGPFcJuftKATa4WLnzg8fpfv

5e0f28bd2d49b73e96a87f5c20283ebe030f4bb39b3107d4d68015dce862991d

a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92

34ca75a8c190f20b8a7596afeb255f2228cb2467bd210b2637965b61ac7ea907

81.17.24.130

79.124.8.66

62.173.140.223

5.226.139.66

46.101.242.222

45.141.87.11

185.245.85.251

185.245.84.227

179.43.189.218

179.43.187.47

179.43.176.60

179.43.175.38

179.43.175.108

179.43.162.55

179.43.142.42

179.43.133.202

112.132.218.45

90.131.156.107

194.26.29.98

194.26.29.95

194.26.29.84

194.26.29.251

112.51.253.153

111.111.111.111

154.21.20.82

https://3proxy.ru

http://DJVU.SH

009247.3183-377.3183.1bf6c.19446.2@bxss.me

Attack Patterns

WhisperGate

T1596

T1125

T1588

T1550

T1110

T1583

T1572

T1567

T1213

T1552

T1114

T1095

T1505

T1590

T1105

T1071

T1595

T1046

T1560

T1485

T1190

T1090

T1078

T1003

T1059

CVE-2022-27666

CVE-2022-26138

CVE-2021-33045

CVE-2021-33044

CVE-2022-3236

CVE-2021-4034

CVE-2021-26084

CVE-2021-3156

CVE-2020-1472

CVE-2022-26134