Russia accused of EU and Nato cyber-attacks

A well-known Russian military unit has been implicated in a series of cyber-attacks targeting Ukrainian allies across the globe, aimed at disrupting humanitarian and aid efforts, according to a joint briefing from Western intelligence agencies. This unit, identified as Unit 29155, has a history of high-profile espionage and sabotage, including the 2018 poisoning of a former Russian double agent and his daughter in Salisbury, UK.

The intelligence agencies from the UK, US, and several other countries have revealed that Unit 29155 expanded its operations into cyber warfare in 2020. The unit’s involvement in cyber-attacks has intensified since the full-scale Russian invasion of Ukraine began in February 2022.

This recent briefing highlights a broader scope of cyber activity than previously reported, extending beyond Ukraine to include several European countries. The disclosure comes amid growing concerns among European governments about increased Russian espionage activities in the wake of the Ukraine conflict.

Keir Giles, a specialist in Russian cyber operations at the Chatham House think tank in the UK, explained that while earlier focus was primarily on Russian cyber efforts against Ukraine, the new information reveals a much wider range of targets. “What these latest announcements make clear is that the targets were much broader than previously understood,” Giles noted. “They are talking about various government and civilian agencies, civil society organizations across Western Europe, the EU, and NATO.”

The joint statement, which was endorsed by intelligence agencies from the Netherlands, Czech Republic, Germany, Estonia, Latvia, Canada, and Australia, outlined the activities of a specific division within Unit 29155. This division, known under names such as Cadet Blizzard and Ember Bear, has been linked to several coordinated cyber campaigns.

Notably, the group was responsible for the WhisperGate campaign, which targeted Ukrainian government agencies in January 2022. Since then, the focus of their attacks has shifted towards disrupting aid deliveries to Kyiv. The Western agencies reported that the cyber unit has targeted critical infrastructure, including government agencies and private companies involved in finance, transport, energy, and health sectors across multiple EU and NATO member states, as well as in regions like Asia and Latin America.

Giles emphasized the ongoing nature of these cyber activities, warning that the threat from Russian cyber operations is persistent and evolving. “People need to be aware that these attacks are ongoing and that Russia continues to target us,” he said. “What’s particularly notable at the moment is how Russia’s cyber operations appear to be preparatory steps for potential overt attacks on NATO. This includes reconnaissance and sabotage of logistical links, such as rail networks, across Europe.”

The disclosure of these cyber operations reflects a growing concern about Russia’s strategic use of cyber capabilities to undermine Western allies and disrupt support systems for Ukraine. As the situation develops, it is clear that the cyber landscape is becoming an increasingly critical front in the broader geopolitical conflict. The ongoing cyber-attacks highlight the need for heightened vigilance and robust defenses to counteract these sophisticated threats.