Summary and Key Points: Western intelligence agencies have identified Russia's GRU Unit 29155 as responsible for cyberattacks related to the Ukraine War.

-The GRU, a notorious arm of Russian military intelligence, engages in a wide range of covert activities, including cyber warfare.

-Unit 29155 has conducted operations like the WhisperGate malware attack against Ukraine and NATO networks.

-The U.S. is offering a $60 million reward for information leading to the arrest of GRU cyber operators. These activities highlight the growing importance of cyberspace in modern military conflicts and the need for strong cyber defenses.

$60 Million Bounty: U.S. Hunts Russian GRU Hackers for Ukraine Cyberattacks

Western intelligence agencies have identified the Russian GRU, one of Moscow’s most notorious organizations, as responsible for a series of cyberattacks relating to the Ukraine War. 

The United States is offering tens of millions of dollars for information that will lead to the arrest of GRU cyber operators. 

The GRU is the intelligence arm of the Russian military. Its toolkit, however, includes more than just gathering and assessing intelligence. The GRU is infamous for its paramilitary and criminal activities, including assassinations, sabotage, and psychological warfare operations.  

GRU Unit 29155

“The UK National Cyber Security Centre publicly assessed that the Russian Military Intelligence (GRU) Unit 29155 have been responsible for a series of offensive cyber operations targeting victims globally since at least 2020,” British Military Intelligence assessed in its latest estimate of the war. 

Cyberattacks, or computer network attacks, are becoming an integral part of military operations. For example, before the Russian military invaded Ukraine en masse on February 24, 2022, Moscow launched a series of cyberattacks aimed at the Ukrainian command and control systems. The goal was to disorient and distract Ukrainian defenses and maximize the surprise effect of the invading forces. 

“At least some of the group’s cyber operations have almost certainly been aimed at supporting the Russian invasion of Ukraine,” British Military Intelligence added.

GRU Unit 29155 has been identified for involvement in cyberattacks including the so-called WhisperGate malware attack against Ukrainian and NATO networks in 2022.

“They targeted computers around the world and used the computer infrastructures of an unwitting U.S.-based company to conduct the WhisperGate attacks,” Matthew Olsen, U.S. assistant attorney general for national security, said in a recent indictment of six GRU cyber operators involved in the malware attack. 

“They went on to target computer systems in other nations supporting Ukraine in its fight for survival. Ultimately, their targets included computer systems in 26 NATO partners, including the United States.”

Other activity has included website defacements and network scanning for espionage purposes. WhisperGate was previously attributed to the Russian state; this new advisory specifically links the attack to GRU Unit 29155. 

The U.S. Justice Department offers $60 million in reward for information that will lead to the arrest of the GRU cyber operators. 

According to London, GRU Unit 29155 is behind several other intelligence and paramilitary operations, including “attempted coups, sabotage and influence operations, and assassination attempts throughout Europe.” 

“Offensive cyber operations therefore mark a development in the capabilities of Unit 29155. This further highlights the value the Russian state places on cyberspace in the context of their invasion of Ukraine,” British Military Intelligence concluded.

In a potential near-peer conflict with Russia or China, the U.S. military would likely rely on kinetic cyber operations to facilitate the work of regular military units. At the same time, robust cyber defenses are essential to protect against incoming cyberattacks that would seek to frustrate offensive and defensive military operations. 

About the Author

Stavros Atlamazoglou is a seasoned defense journalist specializing in special operations and a Hellenic Army veteran (national service with the 575th Marine Battalion and Army HQ). He holds a BA from the Johns Hopkins University and an MA from the Johns Hopkins’ School of Advanced International Studies (SAIS). His work has been featured in Business Insider, Sandboxx, and SOFREP.

Image Credit: Creative Commons.