Co-Authored by:
This document is marked TLP:CLEAR. Disclosure is not limited. Sources may use TLP:CLEAR when information
carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public
release. Subject to standard copyright rules, TLP:CLEAR information may be distributed without restriction. For
more information on the Traffic Light Protocol, see http://www.cisa.gov/tlp.
Russian Military Cyber Actors Target U.S. and
Global Critical Infrastructure
Summary
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and
National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main
Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer
network operations against global targets for the purposes of espionage, sabotage, and reputational harm
since at least 2020. GRU Unit 29155 cyber actors began deploying the destructive WhisperGate malware
against multiple Ukrainian victim organizations as early as January 13, 2022. These cyber actors are
separate from other known and more established GRU-affiliated cyber groups, such as Unit 26165 and
Unit 74455.
To mitigate this malicious cyber activity, organizations should take the following actions today:
Prioritize routine system updates and remediate known exploited vulnerabilities.
Segment networks to prevent the spread of malicious activity.
Enable phishing-resistant multifactor authentication (MFA) for all externally facing account services,
especially for webmail, virtual private networks (VPNs), and accounts that access critical systems.
This Cybersecurity Advisory provides tactics, techniques, and procedures (TTPs) associated with Unit
29155 cyber actors—both during and succeeding their deployment of WhisperGate against Ukraine—as
well as further analysis (see Appendix A) of the WhisperGate malware initially published in the joint
advisory, Destructive Malware Targeting Organizations in Ukraine, published February 26, 2022.
