Source: Cyber Scoop
Summary
Microsoft researchers have identified a new hacking unit with the Russian Military Intelligence (GRU) that they believe is responsible for cyber attacks against Ukraine and NATO countries providing support to Ukraine since 2020.
The group, which Microsoft named Cadet Blizzard, is described as a conventional network operator that works without bespoke malware or tooling. Its activities are usually extremely disruptive and likely intended to send a message of intimidation to its targets and victims.
Microsoft assesses that Cadet Blizzard uses a hacktivist front called “Free Civilian” to publish and share the data stolen from its victims, based on strong correlations between Cadet Blizzard's compromises and the data published on the site.
Analysis
Cadet Blizzard is likely a small group of GRU cyber operators charged with targeting Ukraine and the countries supporting it with low-risk/high-reward cyber attacks. While the “Free Civilian” front provides some plausible deniability, the GRU has a long track record conducting these types of campaigns against organizations and events that pose a risk to Russian interests or its reputation.
For example, in response to the ban of certain Russian athletes from participating in the 2016 Olympic Games in Rio, the GRU hacked the World Anti-Doping Agency and subsequently released stolen data on a thinly veiled website called fancybear[.]net.
Other examples include attacks on the Democratic National Committee and the Guccifer 2.0 persona, and the release of emails belonging to multiple figures in the US government and military on dcleaks[.]com. The use of a limited "tiger team" for such purposes frees up personnel and resources to fulfil competing intelligence requirements, notably those supporting Russia’s invasion of Ukraine.
Mitigation
Field Effect recommends that governments and organizations in Ukraine, and those in support of Ukraine, adopt a heightened security posture towards cybersecurity given the threat posed by Russian state-sponsored cyber actors. We encourage all organizations to review the U.S. Cybersecurity & Infrastructure Security Agency (CISA) ShieldsUp program, which provides robust guidance for preparing, responding to, and mitigating the impacts of Russian state-sponsored cyber attacks.
Field Effect’s elite team of Security Intelligence professionals constantly monitor the cyber threat landscape for novel TTPs and IoCs associated with nation-state-sponsored groups such as Cadet Blizzard. This research contributes to the timely deployment of signatures into Covalence to detect and mitigate threat activity.
Further references