Journos access unsecured server and expose GRU hacker unit


Not much was known about the secretive unit 29155 within Russia’s military intelligence (GRU) until recently – except its suspected crimes. But now, journalists claim to have gained access to one of the group’s servers.

According to The Insider report, Unit 29155 has been previously linked to the failed poisonings of Sergey Skripal in Salisbury and Bulgarian arms dealer Emilian Gebrev, as well as explosions at ammunition depots in Bulgaria and the Czech Republic.

Until recently, little was known about its involvement in cyber operations. This isn’t surprising, because Unit 29155 is mostly Russia’s kill and sabotage squad.

But now, The Insider has gained access to one of the group’s servers, which had virtually no security protections, and says it can implicate Unit 29155 for the first time as state hackers as well.

A little dig-around revealed a broad list of targets, ranging from Ukrainian state-owned companies and European infrastructure to a Qatari bank and medical facilities worldwide, says the report.

Moreover, through analysis of phone records, travel data, and internal correspondence, journalists identified dozens of hacking team members, including convicted credit card fraudsters, recent university graduates, and GRU sabotage veterans with no background in IT whatsoever.

According to The Insider, most of the unit’s hacking and information operations failed due to low morale and corruption within the leadership.

One of the unit’s few successful cyberattacks was against QBNB, Qatar’s largest bank. In May 2016, GRU hackers exfiltrated 1.5GB of data, including customer data.

To deflect blame, a Turkish ultranationalist group claimed responsibility for the breach. However, it was Unit 29155 that leaked the data online and structured the dump in such a way as to draw the focus to the financial dealings of the Qatari royal family and their government’s intelligence operations.

The hackers were more often successful in what Russian intelligence operatives are very good at – waging a hybrid war against Ukraine and its Western allies by conducting false-flag hacks and generally spreading disinformation.

According to The Insider, the hacking unit even used crypto payment wallets to compensate graffiti artists who were daubing slogans directed against the Ukrainian president Volodymyr Zelensky in Ukrainian cities prior to the Russian invasion in 2022.

All that, and more, was found by The Insider in leaked emails, social media posts, and – crucially – unprotected server logs and left-behind burner emails.

Unit 29155’s hacking department appears to be the youngest cyber unit within the GRU system, whose other ornaments include Unit 26165, or “Fancy Bear,” which was publicly implicated in interfering in the US presidential election in 2016, and Unit 74455, or “Sandworm,” which caused the most devastating and costly cyberattack in history the following year.