Sep 6, 2024, 1:33 PM
Sep 5, 2024, 8:42 PM

Russian Military Hackers Target U.S. Since 2020, NSA Reports

Highlights
  • Russian military hackers from Unit 29155 have been targeting critical infrastructure in the U.S. and NATO countries since 2020.
  • Their operations include a range of cyber activities, from propaganda to serious data breaches, affecting various sectors.
  • The advisory emphasizes the need for enhanced cybersecurity measures to protect against these ongoing threats.
Story

A recent security advisory from the National Security Agency, Federal Bureau of Investigation, and Cybersecurity & Infrastructure Security Agency has identified Russian military hackers, specifically from Unit 29155, as responsible for cyber attacks targeting the U.S. and NATO allies since 2020. This group is believed to consist of junior active-duty intelligence officers under the guidance of experienced leadership, and they collaborate with known cybercriminals to execute their operations.

The attacks have varied in nature, ranging from propaganda efforts, such as website defacement, to more severe actions like data exfiltration and leaks. The advisory highlights that these cyber actors focus on critical infrastructure sectors, including government services, financial services, transportation, energy, and healthcare, affecting not only the U.S. but also other NATO members and countries in Europe, Central America, and Asia. To conduct their operations, Unit 29155 employs publicly available penetration testing tools and common red team hacking techniques.

The FBI has recommended several protective measures, including limiting adversaries' use of known vulnerabilities, conducting regular automated vulnerability scans, and disabling unnecessary applications and protocols on operating systems. The ongoing threat posed by these hackers underscores the importance of cybersecurity vigilance among organizations and governments. As the landscape of cyber warfare evolves, it is crucial for entities to adopt robust security measures to safeguard their critical infrastructure from such sophisticated attacks.
