
Cadet Blizzard hacking group linked to unit of Russia’s GRU

A hacking group known as Cadet Blizzard has been revealed to be associated with a unit of the GRU, Russia’s military intelligence agency.

A group of government agencies from the U.S., the U.K., Australia, Canada, Ukraine and a number of other countries disclosed the discovery today. Separately, the U.S. Justice Department unsealed an indictment against five Cadet Blizzard hackers and a co-conspirator.

Cadet Blizzard is part of the GRU’s Unit 29155, which has been linked to multiple assassination attempts, attempted coups and sabotage operations in Europe. It’s believed that Unit 29155 formed its own hacking group as early as 2020. Wired today cited intelligence officials as saying that Cadet Blizzard is distinct from other hacking groups within the GRU, operates out of its own building and comprises about 10 individuals.

It’s believed that Cadet Blizzard occasionally collaborates with Russian cybercriminals on hacking campaigns. In some cases, the hackers use commodity malware to power breach attempts.

Initially, Cadet Blizzard reportedly focused primarily on espionage. The hackers later branched out to other malicious activities. Those activities range from website defacements to file exfiltration and data leaks.

Shortly before Russia’s invasion of Ukraine in 2022, Cadet Blizzard targeted more than a dozen Ukrainian government agencies with a piece of malware called WhisperGate. The malware was designed to appear as ransomware. In reality, it was created to destroy the computers that it infected along with the data inside.

Later in 2022, Cadet Blizzard reportedly hacked the network of a Central European country’s railway agency. The goal of the breach, according to Wired, was to collect data on shipments of supplies to Ukraine.

In another 2022 incident, the hackers leveraged the infrastructure they used to launch cyberattacks against Ukraine to probe the network of a Maryland-based federal agency. The goal was to find vulnerabilities that could be used to launch cyberattacks. The hackers are believed to have scanned the agency’s network no fewer than 63 times in search of weak points.

Overall, officials estimate that Cadet Blizzard has carried out more than 14,000 domain scans in search of vulnerabilities to date. Those scans targeted networks in the U.S. and at least 25 other NATO members. Cadet Blizzard’s domain scans often focus on organizations in the government services, financial services, transportation systems, energy and healthcare sectors.

In the indictment that was unsealed today, a Maryland grand jury brought charges against five Cadet Blizzard hackers and a co-conspirator. The charges focus on the cyberattacks the group launched against Ukrainian government networks ahead of Russia’s invasion and the domain scanning campaign. In conjunction, the Justice Department posted a $10 million award for information about the defendants’ location or hacking activities.

Source: siliconangle.com
