The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI), the National Security Agency, and other international partners, issued an Alert on September 5, 2024, warning that cyber actors affiliated with the Russian military are targeting critical infrastructure, government services, financial services, transportation systems, energy, and healthcare sectors of NATO members.

The Alert warns that Unit 29155 cyber actors affiliated with the Russian military are collecting information for “espionage purposes, reputational harm caused by the theft and leakage of sensitive information, and systematic sabotage caused by the destruction of data.” The cyber actors of Unit 29155 have been assessed as officers of the GRU and are being assisted by “known cyber-criminals.” Some of the threat group names associated with these actors include Cadet Blizzard, Ember Bear, Frozenvista, UNC2589, and UAC-0056.

Unit 29155 is believed to be responsible for WhisperGate against Ukraine and is involved in attacking numerous members of NATO. “The activity includes cyber campaigns such as website defacements, infrastructure scanning, data exfiltration, and data leak operations. These actors sell or publicly release exfiltrated victim data obtained from their compromises.”

The FBI has detected more than 14,000 instances of domain scanning and “have defaced victim websites and used public website domains to post exfiltrated victim information.”

The Alert details the tactics, techniques, and procedures the threat actors use. To mitigate this, the Alert urges organizations to:

  • Prioritize routine system updates and remediate known exploited vulnerabilities.
  • Segment networks to prevent the spread of malicious activity.

Enable phishing-resistant multifactor authentication (MFA) for all externally facing account services, especially for webmail, virtual private networks (VPNs), and accounts that access critical systems.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.