GRU-backed cyberattacks: What they are, how to defend against them

Among the most notorious cyber-attack groups are those backed by the Russian GRU. For those who are unfamiliar, the GRU is the Main Directorate of the General Staff of the Armed Forces of the Russian Federation. These threat actors have been active for years; their operations include the attacks on the Democratic National Committee and the 2016 U.S. presidential campaign, a U.S. nuclear facility, an international chemical weapons non-proliferation organization, and many others.

In 2018, five GRU officers were indicted for activities associated with APT28. More recently, the U.S. Department of State offered a reward of up to $10 million for information leading to the “identification or location” of six Russian GRU officers.

While most enterprises don’t consider themselves targets of such advanced threat actors, this is a serious misjudgment. Any company that operates within a critical infrastructure sector, including healthcare, energy, and financial services, is at risk. Additionally, the tooling these advanced threat actors use sometimes becomes publicly available, allowing everyday cyber criminals to adopt it and integrate it into their own campaigns.

CISA’s warnings about Russia

According to an advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) together with partner agencies from several other nations, Russian state-sponsored threat actors have shown themselves to be quite capable of breaching networks and maintaining persistence on them, as well as stealing data and disrupting operations once inside.

“Historical operations have included deployment of destructive malware—including BlackEnergy and NotPetya—against Ukrainian government and critical infrastructure organizations. Recent Russian state-sponsored cyber operations have included DDoS attacks against Ukrainian organizations,” CISA’s advisory said.

According to CISA, the Russian state-sponsored threat actors of concern include:

  • The Russian Federal Security Service (FSB), including FSB’s Center 16 and Center 18
  • Russian Foreign Intelligence Service (SVR)
  • Russian General Staff Main Intelligence Directorate (GRU), 85th Main Special Service Center…