UK intel: Russia’s GRU unit known for sabotage, assassination attempts in EU responsible for cyberattacks aiding Ukraine invasion

The UK links Russia’s GRU Unit 29155 to cyber operations supporting the Ukraine invasion, including WhisperGate, and sabotage, espionage, and assassination attempts across Europe.

Sep 11, 2024 - 10:00
UK intel: Russia’s GRU unit known for sabotage, assassination attempts in EU responsible for cyberattacks aiding Ukraine invasion

uk intel russia's gru unit known sabotage assassination attempts eu responsible cyberattacks aiding ukraine invasion complex buildings general staff armed forces russian federation moscow tass rfe/rl a8f639bb-23a9-477c-b72f-2ebfaca96f23_cx0_cy10_cw0_w1023_r1_s

In its September 11 intelligence update, the British Defense Ministry says the UK National Cyber Security Centre reported that since at least 2020, the Russian GRU intelligence unit 29155 has conducted offensive cyber operations globally, including supporting Russia’s invasion of Ukraine, attempted coups, sabotage, and assassination attempts across Europe.

Unit 29155, a secretive GRU military intelligence unit based in Moscow, has been known to be linked to assassinations, sabotage, and destabilization efforts across Europe. Its cyber capabilities are a new development and were not previously known.

Offensive cyber operations signal the growing capabilities of Unit 29155, highlighting Russia’s strategic emphasis on cyberspace during the full-scale invasion, the Defense Ministry says.

The Ministry wrote:

  • On 05 September 2024, the UK National Cyber Security Centre publicly assessed that the Russian Military Intelligence (GRU) Unit 29155 has been responsible for a series of offensive cyber operations targeting victims globally since at least 2020. At least some of the group’s cyber operations have almost certainly been aimed at supporting the Russian invasion of Ukraine.
  • Operations have included the ‘WhisperGate’ destructive wiper malware, which was used against Ukrainian targets in 2022. Other activities have included website defacements and network scanning for espionage purposes. WhisperGate was previously attributed to the Russian state; this new advisory specifically links the attack to GRU Unit 29155.
  • Unit 29155 is assessed to be responsible for attempted coups, sabotage and influence operations, and assassination attempts throughout Europe. Offensive cyber operations therefore mark a development in the capabilities of Unit 29155. This further highlights the value the Russian state places on cyberspace in the context of their invasion of Ukraine.

According to Western intelligence and investigative reports, the unit has been active since at least 2008, with notable operations including the attempted assassinations of Bulgarian arms dealer Emilian Gebrev, former GRU Colonel Sergei Skripal, and involvement in the 2014 Vrbětice ammunition depot explosions in the Czech Republic. The New York Times and Bellingcat have both reported on its role in these activities, with Russia denying all accusations.

Related:

You could close this page. Or you could join our community and help us produce more materials like this. 

We keep our reporting open and accessible to everyone because we believe in the power of free information. This is why our small, cost-effective team depends on the support of readers like you to bring deliver timely news, quality analysis, and on-the-ground reports about Russia's war against Ukraine and Ukraine's struggle to build a democratic society.

A little bit goes a long way: for as little as the cost of one cup of coffee a month, you can help build bridges between Ukraine and the rest of the world, plus become a co-creator and vote for topics we should cover next. Become a patron or see other ways to support.

Become a Patron!