Microsoft links data wiping attacks to new Russian GRU hacking group

Microsoft has linked a threat group it has tracked as Cadet Blizzard since April 2023 to Russia's Main Directorate of the General Staff of the Armed Forces (GRU).
The company previously connected this new GRU hacking group with the destructive WhisperGate data-wiping attacks in Ukraine that started on January 13, 2022, more than a month before the Russian invasion of Ukraine in February 2022.
"Microsoft assesses that Cadet Blizzard operations are associated with the Russian General Staff Main Intelligence Directorate but are separate from other known and more established GRU-affiliated groups such as Forest Blizzard and Seashell Blizzard," Microsoft said.
Microsoft says that Cadet Blizzard's attacks have a relatively lower success rate when compared to other GRU-affiliated hacking groups like APT28 and Sandworm.
Following the 2022 defacements and data-wiping attacks, the GRU hacking group has, starting in February 2023, been behind a barrage of attacks targeting Ukrainian government organizations and IT providers.
CERT-UA linked the attacks to Ember Bear, a group that it believes has been active since at least March 2021, with attacks targeting Ukrainian organizations with information stealers, backdoors, and data wipers camouflaged as ransomware primarily delivered via phishing emails.