A cyber group associated with the 29155 unit of Russia’s military intelligence agency, the GRU, has prompted a warning from German intelligence due to its suspected involvement in a series of cyberattacks targeting NATO and the EU.
The warning was part of a coordinated effort with international agencies, including the FBI, U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the NSA, according to a report by Reuters.
On Monday, September 9, Germany’s Federal Office for the Protection of the Constitution (Bundesverfassungsschutz) publicly named the group, known as UNC2589, which also operates under aliases such as “Cadet Blizzard” and “Ember Bear.”
The intelligence agencies accused the group of conducting espionage and sabotage, often damaging websites and leaking stolen data as part of its operations.
These attacks, the agencies noted, are part of a broader pattern of cyber aggression aimed at destabilising Western institutions and extracting sensitive information.
Disruptive activities and cyber espionage of the Russian UNC2589 group
The poisoning of former Russian double agent Sergei Skripal and his daughter Yulia in the UK in 2018 clearly demonstrates Unit 29155’s capability and willingness to engage in hostile activities beyond cyberattacks.
In 2020, Russian military intelligence hackers linked to the same unit launched a cyberattack that compromised tens of thousands of Estonian documents, including sensitive internal material and trade secrets, underscoring the broad scope of its operations.
Such breaches demonstrate the GRU’s intent to undermine not only political and military stability but also economic security within targeted nations.
The GRU is not only collecting intelligence, but also seeking to weaken the cohesion and functionality of Western alliances by targeting NATO and EU institutions.
The coordinated response from agencies like the FBI, CISA, and NSA signals a robust approach, but it also emphasises the need for vigilance and stronger cyber defences within NATO and EU institutions, which remain prime targets for future attacks.