UK intel: Russia’s GRU unit known for sabotage, assassination attempts in EU responsible for cyberattacks aiding Ukraine invasion
The UK links Russia’s GRU Unit 29155 to cyber operations supporting the Ukraine invasion, including WhisperGate, and sabotage, espionage, and assassination attempts across Europe.
In its September 11 intelligence update, the British Defense Ministry says the UK National Cyber Security Centre reported that since at least 2020, the Russian GRU intelligence unit 29155 has conducted offensive cyber operations globally, including supporting Russia’s invasion of Ukraine, attempted coups, sabotage, and assassination attempts across Europe.
Offensive cyber operations signal the growing capabilities of Unit 29155, highlighting Russia’s strategic emphasis on cyberspace during the full-scale invasion, the Defense Ministry says.
The Ministry wrote:
- On 05 September 2024, the UK National Cyber Security Centre publicly assessed that the Russian Military Intelligence (GRU) Unit 29155 has been responsible for a series of offensive cyber operations targeting victims globally since at least 2020. At least some of the group’s cyber operations have almost certainly been aimed at supporting the Russian invasion of Ukraine.
- Operations have included the ‘WhisperGate’ destructive wiper malware, which was used against Ukrainian targets in 2022. Other activities have included website defacements and network scanning for espionage purposes. WhisperGate was previously attributed to the Russian state; this new advisory specifically links the attack to GRU Unit 29155.
- Unit 29155 is assessed to be responsible for attempted coups, sabotage and influence operations, and assassination attempts throughout Europe. Offensive cyber operations therefore mark a development in the capabilities of Unit 29155. This further highlights the value the Russian state places on cyberspace in the context of their invasion of Ukraine.
According to Western intelligence and investigative reports, the unit has been active since at least 2008, with notable operations including the attempted assassinations of Bulgarian arms dealer Emilian Gebrev, former GRU Colonel Sergei Skripal, and involvement in the 2014 Vrbětice ammunition depot explosions in the Czech Republic. The New York Times and Bellingcat have both reported on its role in these activities, with Russia denying all accusations.
Related:
- Ukrainian, French cyber experts disable Russian hacker infrastructure during “EndGame” international operation
- Moscow-backed church’s priest accused of spying for Russian military intel in Kharkiv Oblast
- Germany says Russia behind massive cyberattack last year after Berlin decided to send Ukraine tanks
- LRT: Pro-Russian cyber group targets Lithuanian military system
- Russian GRU’s sabotage recruitment in Baltics exposed by journalists
- Ex-Russian GRU officer Salikov exposes Russia’s proxy Ukraine “republics” (full translation)
- Bellingcat IDs GRU agent for occupied Donetsk and possible MH17 witness (2020)
You could close this page. Or you could join our community and help us produce more materials like this.
We keep our reporting open and accessible to everyone because we believe in the power of free information. This is why our small, cost-effective team depends on the support of readers like you to bring deliver timely news, quality analysis, and on-the-ground reports about Russia's war against Ukraine and Ukraine's struggle to build a democratic society.
A little bit goes a long way: for as little as the cost of one cup of coffee a month, you can help build bridges between Ukraine and the rest of the world, plus become a co-creator and vote for topics we should cover next. Become a patron or see other ways to support.