Czech intelligence aids FBI in exposing GRU-linked cybercriminal

by CIJ News iDesk III
2024-09-06 11:01

Czech military intelligence and the Security Information Service (BIS) have assisted the U.S. Federal Bureau of Investigation (FBI) in uncovering a cybercriminal tied to the Russian military intelligence service GRU. The Czech Military Intelligence Service announced the breakthrough in a press release today. The investigation uncovered cyber threats linked to GRU’s Unit 29155, the same unit that Czech authorities associated with the 2014 ammunition depot explosion in Vrbětice, Zlín Region.

The suspect, linked to Unit 29155, had been engaged in cyber sabotage, espionage, and attempts to tarnish reputations, with activities dating back to 2020. One notable attack occurred in January 2022 when the hacker deployed WhisperGate malware in an assault on Ukraine. The National Cyber and Information Security Bureau (NCIS) confirmed that the unit had targeted NATO countries, along with nations in Europe, Latin America, and Central Asia.

The joint investigation, spearheaded by the FBI, aimed to expose the GRU unit’s operations in cyberspace. “This cooperation has led to a comprehensive recommendation that will help organizations worldwide better safeguard their systems,” Czech Military Intelligence said. The recommendation, as summarized by NCIS, provides an in-depth profile of Unit 29155, detailing its tactics and strategies.

BIS revealed on social media platform X that the FBI has issued international arrest warrants as a result of the investigation. “In the current security climate, working with global partners is vital for the Czech Republic,” the intelligence agency emphasized.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) were also involved, along with intelligence partners from the U.K., Australia, Canada, Germany, the Netherlands, Estonia, and Latvia. “The unit’s activities included website compromises, infrastructure scanning, and data exfiltration, which they would then sell or publicly release,” NCIS stated. From early 2022, the unit’s focus shifted to disrupting international cyber efforts aimed at aiding Ukraine.

Earlier this year, Czech authorities confirmed the country’s participation in Operation Dying Ember, an international effort to counter Russian intelligence activities in cyberspace. Led by the U.S., this operation targeted compromised routers exploited by APT28, another actor connected to GRU. Military Intelligence reported that the operation had successfully dismantled portions of this global cyber-infrastructure in January.

Source: CTK
