Security News > 2023 > June > Microsoft: Russia sent its B team to wipe Ukrainian hard drives

Microsoft linked Cadet Blizzard to Russia's GRU military intelligence unit.

"Cadet Blizzard seeks to conduct disruption, destruction, and information collection, using whatever means are available and sometimes acting in a haphazard fashion," they wrote.

"While the group carries high risk due to their destructive activity, they appear to operate with a lower degree of operational security than that of longstanding and advanced Russian groups such as Seashell Blizzard and Forest Blizzard."

Cadet Blizzard has been operating since 2020 and, while not as prolific in scale or scope as other established Russian groups, its campaigns are designed to be destructive.

Cadet Blizzard exploits vulnerabilities in web services, such as Microsoft Exchange and Atlassian Confluence, then uses living-off-the-land techniques to move laterally through the network to grab information such as credentials and mail, or to drop malware to delete data and make systems inoperable.

Unlike its Russian peers that like to go undetected during their operations, "The result of at least some notable Cadet Blizzard operations are extremely disruptive and are almost certainly intended to be public signals to their targets to achieve the larger objective of destruction, disruption, and possibly, intimidation."

News URL

https://go.theregister.com/feed/www.theregister.com/2023/06/16/microsoft_cadet_blizzard_threat/