U.S. Offers $10 Million Reward for Information on Russian Cadet Blizzard Hackers Behind Major Cyber Attacks
The U.S. government, in collaboration with international partners, has officially attributed a Russian hacking group, Cadet Blizzard, to the GRU’s 161st Specialist Training Center (Unit 29155). This group has been responsible for numerous cyberattacks, targeting critical infrastructure and government sectors around the globe since 2020.
According to the joint advisory, Cadet Blizzard’s recent focus has been to disrupt efforts supporting Ukraine, with attacks on NATO members, the European Union, and countries in Central America and Asia. The U.S. is now offering a $10 million reward for information on the hackers involved.
Cadet Blizzard: A Coordinated Cyber Espionage Group
Also known as Ember Bear, Nodaria, FROZENVISTA, and other aliases, Cadet Blizzard gained attention in 2022 for deploying WhisperGate malware against Ukrainian organizations, just before Russia’s invasion of Ukraine. The group’s operations are linked to espionage, sabotage, and reputational damage.
In June 2024, Russian national Amin Timovich Stigal was indicted for orchestrating cyberattacks in Ukraine. Concurrently, five GRU officers from Unit 29155 have been charged by the U.S. Department of Justice with cyber intrusions and wire fraud.
Cyber Attacks and Global Targets
The group’s cyber intrusions have primarily targeted critical infrastructure sectors, including government services, financial services, energy, transportation, and healthcare, with a focus on countries providing aid to Ukraine.
Key attack techniques include:
- Website Defacements and Infrastructure Scanning
- Exploitation of Known Vulnerabilities: Targeting flaws in Atlassian Confluence, Dahua Security, and Sophos firewall products.
- Malware and Data Exfiltration: Using tools like Impacket for lateral movement and Raspberry Robin malware for initial access.
- Credential Theft: Conducting password-spraying attacks to breach Outlook Web Access (OWA) systems.
The end goal is to collect sensitive data, leak it for reputational damage, or sabotage critical systems.
$10 Million Reward for Information
In conjunction with the indictment, the U.S. Department of State’s Rewards for Justice program has announced a reward of up to $10 million for information on the five charged officers:
- Yuriy Denisov (Юрий Денисов), GRU colonel and head of cyber operations.
- Vladislav Borovkov (Владислав Боровков)
- Denis Denisenko (Денис Денисенко)
- Dmitriy Goloshubov (Дима Голошубов)
- Nikolay Korchagin (Николай Корчагин)
These officers, along with other accomplices, have engaged in cyber operations designed to sow fear and compromise data integrity.
Protective Measures for Organizations
Organizations worldwide are advised to enhance cybersecurity by:
- Prioritizing System Updates: Address known vulnerabilities promptly.
- Segmenting Networks: Limit the spread of attacks.
- Implementing Phishing-Resistant MFA: Secure all external-facing services.
The actions of Cadet Blizzard represent a significant threat to global cybersecurity, and the U.S. and its allies are actively working to bring those responsible to justice.