Microsoft discovered a new group of hackers targeting Ukraine. The traces lead to Russian intelligence

Cadet Blizzard and points out that hackers are responsible for a series of attacks conducted since February this year. aimed primarily at Ukraine, the countries supporting it and the NATO alliance. What’s more, thanks to the new analysis, it was possible to link the group to hacking attacks from January 2022, i.e. before the full-scale attack of the Russian army on Ukraine.

A group of hackers targeting Ukraine has been detected. Associated with the Russian GRU

Experts from the American company have noticed that the Russians use stolen credentials to target government agencies and IT service providers in Ukraine and supporting countries. Microsoft explains that by gaining access to victims’ servers, they try to maintain their presence by hiding behind legitimate network traffic, acquiring more and more data and disrupting the network. Cadet Blizzard is active seven days a week, but it mainly conducts its attacks outside of the working hours of its main targets, when the risk of being detected is lower. Experts believe that the group has been active since 2020 and has previously attacked other targets in Europe and Latin America, but is only active periodically. It was supposed to be most active between January and June 2022 and from the beginning of this year.

According to the Microsoft team, Cadet Blizzard is linked to the GRU (Main Intelligence Directorate), Russia’s military intelligence institution, which means it is most likely funded directly by the Russian regime. Experts point out that while the group has had some success recently, it is surprisingly ineffective compared to other GRU-linked hacker groups. At the beginning of 2022, hackers from Cadet Blizzard managed to successfully damage a number of Ukrainian websites, but the “Free Civilian” channel on Telegram, where they share the stolen information, has very little popularity (1.3 thousand followers).