U.S. federal agencies have intensified their efforts to combat Russian cyber-operations, unveiling an indictment against members of a Russian military intelligence unit responsible for the devastating WhisperGate malware and other cyberattacks. The Department of Justice (DOJ) has charged five members of Russia’s GRU Unit 29155, along with a civilian, for their involvement in conspiracy to commit computer intrusion and wire fraud. The U.S. government is also offering a reward of up to $10 million for information aiding in the prosecution of the accused.
The indictment alleges a coordinated effort to hack into Ukrainian government systems, steal sensitive data, leak stolen information, and destroy critical computer systems, actions that were part of Russia’s broader preparations for its invasion of Ukraine. The DOJ noted that Ukraine’s government fell victim to the WhisperGate malware as early as January 2022, with the attacks targeting institutions like the Ministry of Internal Affairs, the State Treasury, and the Judiciary Administration, all of which hold no military significance.
Assistant Attorney General Matthew G. Olsen condemned the attacks, emphasizing that Russia’s WhisperGate campaign underscores its disregard for innocent civilians as it continues its unjust invasion of Ukraine.
According to the FBI, CISA, and the NSA, Unit 29155’s activities have expanded beyond traditional military operations to include cyber-espionage, sabotage, and attacks aimed at tarnishing the reputations of global targets. This unit, referred to as Cadet Blizzard by Microsoft, continues to operate internationally, focusing on a range of targets across Europe, North America, Latin America, and Central Asia.
The indicted individuals include Col. Yuriy Denisov, the commanding officer of Unit 29155’s cyber operations, and four lieutenants: Vladislav Borovkov, Denis Denisenko, Dmitriy Goloshubov, and Nikolay Korchagin. A civilian, Amin Stigal, was also charged for his role in the WhisperGate campaign, having previously been accused in June of participating in the malware attack.
These indictments come on the heels of another DOJ action accusing Russia of directing influence campaigns aimed at U.S. voters.
Before 2020, Unit 29155 was primarily responsible for attempted coups, sabotage operations, and assassination attempts throughout Europe. However, in recent years, the unit has integrated cyber-operations into its arsenal, becoming a formidable actor in global cyber warfare. The U.S. advisory notes that the unit employs junior GRU officers under experienced leadership and often collaborates with non-GRU cybercriminals to execute its operations.
Ukraine remains a central target for Unit 29155, but its cyberattacks have also hit NATO members and countries across Europe, North America, and beyond. In addition to the WhisperGate attacks, Unit 29155 has been linked to website defacements, infrastructure scanning, data theft, and information leaks.
To avoid detection, the unit frequently employs common red teaming techniques and publicly available tools such as Acunetix, Shodan, and VirusTotal. Their operations have even involved the use of the Discord chat platform. The unit and its cybercriminal affiliates also maintain dark web accounts to access malware and hacker tools, including Raspberry Robin and SaintBot, according to U.S. agencies.
The advisory also provides a detailed analysis of WhisperGate malware, highlighting the broader threat it poses, as it is not exclusively used by Unit 29155. Other notorious GRU subgroups, such as Unit 26165 (also known as Fancy Bear or APT28) and Unit 74455 (tracked as Sandworm), remain more widely recognized for their cyber-operations.
