A notorious unit of Russia's military intelligence agency (GRU) is carrying out cyber attacks against critical infrastructure in NATO and EU countries, as well as Ukraine, Western intelligence agencies warned on Sept. 5.
GRU Unit 29155 is believed to be responsible for a number of physical attacks in Western countries, including the poisoning of former double agent Sergei Skripal in the U.K. in 2018 and the ammunition warehouse explosions in Czechia in 2014.
The unit is also responsible for an attempted coup in Montenegro and a political destabilization campaign in Moldova.
Western intelligence agencies have now uncovered that this unit has a powerful cyber arm and that it has been carrying out attacks since 2020.
The U.S. charged five Russian intelligence officers and one Russian civilian on Sept. 5, who are suspected to have attempted attacks against Ukraine and at least 26 NATO countries, including the U.S.
The suspects are identified as the commander of the unit, Yuriy Denisov, and the unit's operatives Vladislav Borovkov, Denis Denisenko, Dmitriy Goloshubov, and Nikolay Korchagin. The civilian co-conspirator is named as Amin Sitgal.
The suspects "engaged in a conspiracy to hack into, exfiltrate data from, leak information obtained from, and destroy computer systems associated with the Ukrainian government in advance of the Russian invasion," the indictment said.
The group also "probed a variety of protected computer systems including those associated with 26 NATO member countries" from August 2021 and is believed to have hacked the transport infrastructure "of a Central European country that was supporting Ukraine" in August 2022, according to the indictment.
Estonia also issued arrest warrants for three men identified as attempting to carry out attacks in Estonia: Yuriy Denisov, Nikolay Korchagin, and Vitaliy Shevchenko.
"Although the suspects are currently known to be in Russia, the international search and arrest warrants mean that when they travel out of Russia, there is a real risk that some country will detain them and extradite them to Estonia for prosecution," Estonian State Prosecutor Vahur Verte said.
The Dutch Military Intelligence Agency (MIVD) warned that although the Netherlands has not yet been victim to a cyber attack by Unit 29155, the country is a target due to the role it plays in providing logistical support for Ukraine.
The unit's "operations are mainly aimed at Western governments and vital infrastructure," in order to disrupt Western aid to Ukraine, the MIVD said.
Abbey Fenbert
(Updated: )
