Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and additional partners have identified Russian GRU Unit 29155 as responsible for cyber operations targeting global entities for espionage, sabotage, and reputational damage since at least 2020. This unit, distinct from other GRU-affiliated cyber groups, began deploying WhisperGate malware against Ukrainian organizations in January 2022. To protect against these threats, organizations should regularly update their systems, segment their networks, and use phishing-resistant multifactor authentication. The advisory released by these agencies details the tactics and techniques employed by Unit 29155, including data theft, destruction, and disruption, which have affected some members of the North Atlantic Treaty Organization (NATO), the European Union, and other regions. Supported by a coalition of international and U.S. agencies, the advisory also provides resources for tracking and mitigating these cyber threats. For further details, please visit Joint Cybersecurity Advisory.