Today, Dutch intelligence (AIVD and MIVD) and Microsoft have published two reports unveiling a potential new Russian threat actor: Laundry Bear, or Void Blizzard. This actor was discovered through a recent compromise of the Dutch Police, and it has been targeting Western organizations since at least 2024, including armed forces, government organizations and defense contractors, […]
GRU: Military Unit 54777
The main units of the Russian GRU engaged in cyberspace operations have been discussed in this blog: from our old posts (from 2018) about unit 26165 and 74455, to the recent rise of unit 29155. All these units have something in common, in addition to their cyberspace capabilities: they have been assigned an APT group […]
GRU military unit 29155
GRU’s military unit 29155 (161st Specialist Training Center) has been historically engaged in kinetic active measures such as subversion, assassinations or sabotage. Soviet or Russian active measures refer to covert operations aimed at influencing third countries’ politics or public opinion. They include from cyberspace activities to “wet stuff” (or “bloody stuff”, or simply “stuff that […]
(Cyber) GRU (XIV): conclusions
In this work, we have analyzed mainly the structure, targets and TTP of the GRU in the cyber field, based on the information brought to light during 2018 and which allowed to obtain a detailed knowledge of the Service and its activities, not only to intelligence services, but also to poor analysts like us who […]
(Cyber) GRU (XIII): questions and conspiracies
Everything that happened in 2018 in relation to the GRU, both the public accusations of different governments and the private investigations in relation to their activities, make us ask ourselves different questions; surely all of them have an answer, but we do not know them, or at least not for sure… so, we can also […]
(Cyber) GRU (XII): OPSEC
The GRU members expelled from the Netherlands used basic OPSEC measures, such as throwing out their own rubbish while staying in a hotel; nevertheless, their arrest revealed the lack of other equally basic security measures, that undoubtedly will have given the Service plenty to talk about. Perhaps the proximity operations – at least in the […]