Security News > 2023 > June > Microsoft links data wiping attacks to new Russian GRU hacking group
Microsoft has linked a threat group it tracks as Cadet Blizzard since April 2023 to Russia's Main Directorate of the General Staff of the Armed Forces.
The company previously connected this new GRU hacking group with the destructive WhisperGate data-wiping attacks in Ukraine that started on January 13, 2022, more than a month before the Russian invasion of Ukraine in February 2022.
"Microsoft assesses that Cadet Blizzard operations are associated with the Russian General Staff Main Intelligence Directorate but are separate from other known and more established GRU-affiliated groups such as Forest Blizzard and Seashell Blizzard," Microsoft said.
Microsoft says that Cadet Blizzard's attacks have a relatively lower success rate when compared to other GRU-affiliated hacking groups like APT28 and Sandworm.
Since the 2022 defacements and data-wiping attacks and starting in February 2023, the GRU hacking group has been behind a barrage of attacks targeting Ukrainian government organizations and IT providers.
CERT-UA linked the attacks to Ember Bear, a group that it believes has been active since at least March 2021, with attacks targeting Ukrainian organizations with information stealers, backdoors, and data wipers camouflaged as ransomware primarily delivered via phishing emails.
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft launches Zero Day Quest hacking event with $4 million in rewards (source)
- Microsoft announces Zero Day Quest hacking event with big rewards (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)