{"id":1437,"date":"2023-06-14T16:00:00","date_gmt":"2023-06-14T16:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=74808"},"modified":"2023-06-14T16:00:00","modified_gmt":"2023-06-14T16:00:00","slug":"microsoft-identifies-new-hacking-unit-within-russian-military-intelligence","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/06\/14\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence\/","title":{"rendered":"Microsoft identifies new hacking unit within Russian military intelligence"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v20.5 (Yoast SEO v20.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Microsoft identifies new hacking unit within Russian military intelligence | CyberScoop<\/title> <meta name=\"description\" content=\"Dubbed &quot;Cadet Blizzard,&quot; the hacking group carried out operations targeting Ukrainian infrastructure in the run-up to the Russian invasion.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-gru-russia-ukraine-hacking\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Microsoft identifies new hacking unit within Russian military intelligence\"> <meta property=\"og:description\" content=\"Dubbed &quot;Cadet Blizzard,&quot; the hacking group carried out operations targeting Ukrainian infrastructure in the run-up to the Russian invasion.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-gru-russia-ukraine-hacking\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-06-14T16:00:00+00:00\"> <meta 
property=\"article:modified_time\" content=\"2023-06-14T16:06:52+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-1.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1196\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/cdn.parsely.com\">\n<link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-0\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1684764845g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1686856099g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-4\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1686688438g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=172264176d4de0f97962\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" 
href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/74808\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<link rel=\"wlwmanifest\" type=\"application\/wlwmanifest+xml\" href=\"https:\/\/cyberscoop.com\/wp-includes\/wlwmanifest.xml\">\n<meta name=\"generator\" content=\"WordPress 6.2.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=74808\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-gru-russia-ukraine-hacking%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-gru-russia-ukraine-hacking%2F&amp;format=xml\">\n<meta name=\"parsely-title\" content=\"Microsoft identifies new hacking unit within Russian military intelligence\"><br \/>\n<meta name=\"parsely-link\" content=\"http:\/\/cyberscoop.com\/microsoft-gru-russia-ukraine-hacking\/\"><br \/>\n<meta name=\"parsely-type\" content=\"post\"><br \/>\n<meta name=\"parsely-image-url\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-1.jpg?w=150&amp;h=150&amp;crop=1\"><br \/>\n<meta name=\"parsely-pub-date\" content=\"2023-06-14T16:00:00Z\"><br \/>\n<meta name=\"parsely-section\" content=\"Geopolitics\"><br \/>\n<meta name=\"parsely-tags\" content=\"cadet blizzard,free civilian,gru,microsoft threat intelligence center,russia,ukraine\"><br \/>\n<meta name=\"parsely-author\" content=\"AJ Vicens\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" 
href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-74808 single-format-standard\" id=\"readabilityBody\"> <svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-dark-grayscale\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0 0.49803921568627\" \/><feFuncG type=\"table\" tableValues=\"0 0.49803921568627\" \/><feFuncB type=\"table\" tableValues=\"0 0.49803921568627\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-grayscale\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0 1\" \/><feFuncG type=\"table\" tableValues=\"0 1\" \/><feFuncB type=\"table\" tableValues=\"0 1\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter 
id=\"wp-duotone-purple-yellow\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0.54901960784314 0.98823529411765\" \/><feFuncG type=\"table\" tableValues=\"0 1\" \/><feFuncB type=\"table\" tableValues=\"0.71764705882353 0.25490196078431\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-blue-red\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0 1\" \/><feFuncG type=\"table\" tableValues=\"0 0.27843137254902\" \/><feFuncB type=\"table\" tableValues=\"0.5921568627451 0.27843137254902\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-midnight\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0 0\" \/><feFuncG type=\"table\" tableValues=\"0 0.64705882352941\" \/><feFuncB type=\"table\" tableValues=\"0 1\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" 
role=\"none\"><defs><filter id=\"wp-duotone-magenta-yellow\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0.78039215686275 1\" \/><feFuncG type=\"table\" tableValues=\"0 0.94901960784314\" \/><feFuncB type=\"table\" tableValues=\"0.35294117647059 0.47058823529412\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-purple-green\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0.65098039215686 0.40392156862745\" \/><feFuncG type=\"table\" tableValues=\"0 1\" \/><feFuncB type=\"table\" tableValues=\"0.44705882352941 0.4\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-blue-orange\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0.098039215686275 1\" \/><feFuncG type=\"table\" tableValues=\"0 0.66274509803922\" \/><feFuncB type=\"table\" tableValues=\"0.84705882352941 0.41960784313725\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" 
\/><\/filter><\/defs><\/svg> <a href=\"https:\/\/cyberscoop.com\/microsoft-gru-russia-ukraine-hacking\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.761467889908\">\n<div class=\"single-article__header-content\" readability=\"31.312252964427\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/geopolitics\/\"> <span>Geopolitics<\/span> <\/a> <\/li>\n<\/ul>\n<p> Dubbed &#8220;Cadet Blizzard,&#8221; the hacking group carried out operations targeting Ukrainian infrastructure in the run-up to the Russian invasion. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"399\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence.jpg?resize=640%2C399&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-1.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-1.jpg?resize=300,187 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-1.jpg?resize=768,478 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-1.jpg?resize=1024,638 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-1.jpg?resize=1536,957 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-1.jpg?resize=600,374 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-1.jpg?resize=270,168 270w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-1.jpg?resize=541,337 541w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-1.jpg?resize=1084,675 1084w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-1.jpg?resize=1353,843 1353w\" sizes=\"(max-width: 1084px) 100vw, 1084px\"><figcaption> Cars drive past the headquarters of the Russian General Staff&#8217;s Main Intelligence Department (GRU) in Moscow on December 30, 2016. (Photo by NATALIA KOLESNIKOVA\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"58.210755070735\"><body readability=\"117.91238401142\"><\/p>\n<p>On Jan. 13, 2022, about five weeks before Russia\u2019s full-scale invasion of Ukraine, Russian hackers carried out one of the first cyberattacks in the run-up to the conflict. <\/p>\n<p>Posing as ransomware, the malware worked in two stages: First, it would overwrite the master boot record with a ransom note, pointing victims to a bitcoin wallet and demanding a relatively paltry $10,000 to recover corrupted files. Then it would download and deploy file corrupter malware, targeting files in particular directories to be overwritten. But the operation was a ruse: There was no way to recover the files. <\/p>\n<p>Two days after the malware was deployed, Microsoft researchers published <a href=\"http:\/\/microsoft.com\/en-us\/security\/blog\/2022\/01\/15\/destructive-malware-targeting-ukrainian-organizations\/\" target=\"_blank\" rel=\"noreferrer noopener\">an analysis of the destructive tool<\/a>, dubbing it WhisperGate. 
By May, officials in Ukraine, the United States and the United Kingdom <a href=\"http:\/\/gov.uk\/government\/news\/russia-behind-cyber-attack-with-europe-wide-impact-an-hour-before-ukraine-invasion\">attributed the attack<\/a> to units working under the Russian Main Intelligence Directorate (GRU).<\/p>\n<p>A year later, Microsoft researchers have determined that the unit behind that attack is an active and distinct group within the GRU, responsible for website defacements, destructive attacks, cyber espionage and hack-and-leak operations. In <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/06\/14\/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor\/\" target=\"_blank\" rel=\"noreferrer noopener\">a report published Wednesday<\/a>, Microsoft concludes that a group it is calling \u201cCadet Blizzard\u201d is behind a wave of attacks since February 2023 targeting not only Ukraine, but also NATO member states providing military assistance to Ukraine. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Wednesday\u2019s report for the first time identifies the activity as novel and distinct from other GRU-affiliated cyber operations, which include the group widely tracked as <a href=\"https:\/\/cyberscoop.com\/sandworm-wiper-ukraine-russia-military-intel\/\" target=\"_blank\" rel=\"noreferrer noopener\">Sandworm<\/a> and believed to be responsible for multiple attacks on Ukraine\u2019s electric grid in recent years. 
Hacking operations linked to the GRU are considered among the most destructive and potent in the Russian-affiliated hacking ecosystem.<\/p>\n<p>\u201cThe emergence of a novel GRU affiliated actor, particularly one which has conducted destructive cyber operations likely supporting broader military objectives in Ukraine, is a notable development in the Russian cyber threat landscape,\u201d the researchers said Wednesday, while noting that the group\u2019s attacks are generally less successful than those of more sophisticated and prolific Russian hacking groups, such as Sandworm.<\/p>\n<p>Russian hacking groups have either refrained from or failed to carry out spectacular cyber attacks targeting Ukrainian critical infrastructure as part of the Kremlin\u2019s attempt to overthrow the government in Kiev. But Russian hacking groups have <a href=\"https:\/\/cyberscoop.com\/victor-zhora-ukraine-russia-cyber-war-one-year\/\" target=\"_blank\" rel=\"noreferrer noopener\">nonetheless remained active in the conflict<\/a>, carrying out attacks to wipe Ukrainian computer systems and carry out information operations \u2014 the type of action that is emblematic of Cadet Blizzard. <\/p>\n<p>Dating to at least 2020, Cadet Blizzard\u2019s activity includes attacks around the world \u2014&nbsp;in Europe, Latin America and Central Asia \u2014&nbsp;with a particular focus on government services, law enforcement, nonprofits\/NGOs, IT service providers and emergency services, the researchers said. The group has consistently targeted IT and software providers, the researchers added, given that one successful attack on such a provider can lead to multiple downstream compromises. <\/p>\n<p>Microsoft characterizes the group as a conventional network operator that works without bespoke malware or tooling. 
\u201cUnlike other Russian-affiliated groups that historically prefer to remain undetected to perform espionage, the result of at least some notable Cadet Blizzard operations are extremely disruptive and are almost certainly intended to be public signals to their targets to achieve the larger objective of destruction, disruption, and possibly, intimidation,\u201d the researchers noted.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Cadet Blizzard\u2019s activity overlaps with other cyber operations that \u201cmay have a broader scope or a nexus outside of Russia,\u201d including connections to a group Microsoft tracks as Storm-0587, a designation denoting activity that has not yet been attributed. That group is linked to malware known as <a href=\"https:\/\/www.malwarebytes.com\/blog\/threat-intelligence\/2021\/04\/a-deep-dive-into-saint-bot-downloader\" target=\"_blank\" rel=\"noreferrer noopener\">SaintBot<\/a>, a downloader that can be configured to deliver nearly any other payload. 
Cadet Blizzard also has support from \u201cat least one private sector enabler organization within Russia,\u201d the researchers noted.<\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" loading=\"lazy\" width=\"640\" height=\"223\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence.png?resize=640%2C223&#038;ssl=1\" alt class=\"wp-image-74811\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-2.png 2108w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-2.png?resize=300,104 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-2.png?resize=768,267 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-2.png?resize=1024,357 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-2.png?resize=1536,535 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-2.png?resize=2048,713 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-2.png?resize=600,209 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-2.png?resize=1200,418 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-2.png?resize=1500,522 1500w\" sizes=\"auto, (max-width: 2108px) 100vw, 
2108px\"><figcaption class=\"wp-element-caption\">Cadet Blizzard normal operational lifecycle (Microsoft Threat Intelligence Center).<\/figcaption><\/figure>\n<p>The group uses a hacktivist front called \u201cFree Civilian\u201d to publish and share stolen data, according to the report. Free Civilian posted and leaked stolen Ukrainian government data from various sources on its website in January 2022 ahead of the invasion. The organizations whose data was leaked \u201cstrongly correlated to multiple Cadet Blizzard compromises earlier in 2022,\u201d the researchers said, suggesting \u201cthat this forum is almost certainly linked to Cadet Blizzard.\u201d<\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" loading=\"lazy\" width=\"640\" height=\"401\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-1.png?resize=640%2C401&#038;ssl=1\" alt class=\"wp-image-74814\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-3.png 2440w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-3.png?resize=300,188 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-3.png?resize=768,482 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-3.png?resize=1024,642 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-3.png?resize=1536,963 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-3.png?resize=2048,1284 2048w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-3.png?resize=600,376 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-3.png?resize=268,168 268w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-3.png?resize=537,337 537w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-3.png?resize=1076,675 1076w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/06\/microsoft-identifies-new-hacking-unit-within-russian-military-intelligence-3.png?resize=1344,843 1344w\" sizes=\"auto, (max-width: 2440px) 100vw, 2440px\"><figcaption class=\"wp-element-caption\">Front page of the Free Civilian website (Microsoft Threat Intelligence Center).<\/figcaption><\/figure>\n<p>On Feb. 21, 2023, the Free Civilian launched a Telegram channel. The next day, a post in Russian began: \u201cHello, long time no see,\u201d followed by promises of data from a range of Ukrainian government agencies and a message mocking Ukraine\u2019s Cyber Police and its security service. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The channel has continued to post stolen data and references to stolen data, including as recently as April 26. The channel had just more than 1,300 subscribers as of Wednesday, with most posts \u201cgetting at most a dozen reactions as of the time of publication,\u201d the researchers said, \u201csignifying a low user interaction.\u201d <\/p>\n<p>A separate private channel likely operated by the group offers access to stolen data. 
The administrators of that channel have to manually approve requests to join, and as of Wednesday the channel had 779 members.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.0477099236641\">\n<div class=\"author-card\" readability=\"8\">\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 
class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-gru-russia-ukraine-hacking\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft identifies new hacking unit within Russian military intelligence |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[464,465,302,466,467,270,288,354],"tags":[468,469,306,470,471,276,294,358],"class_list":["post-1437","post","type-post","status-publish","format-standard","hentry","category-cadet-blizzard","category-free-civilian","category-geopolitics","category-gru","category-microsoft-threat-intelligence-center","category-russia","category-threats","category-ukraine","tag-cadet-blizzard","tag-free-civilian","tag-geopolitics","tag-gru","tag-microsoft-threat-intelligence-center","tag-russia","tag-threats","tag-ukraine"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cadet-blizzard\/\" rel=\"category tag\">Cadet Blizzard<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/free-civilian\/\" rel=\"category tag\">Free Civilian<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/gru\/\" rel=\"category tag\">GRU<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-threat-intelligence-center\/\" rel=\"category tag\">Microsoft Threat Intelligence Center<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ukraine\/\" rel=\"category tag\">Ukraine<\/a>","tag_info":"Ukraine","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1437","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1437"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1437\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1437"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1437"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1437
"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}