Rewterz Threat Alert - Russian GRU-Linked APT Group Identified in Data Wiping Attacks - Active IOCs
Researchers have attributed the operations of a Russia-linked APT group, known as Cadet Blizzard, to the Russian General Staff Main Intelligence Directorate (GRU). Cadet Blizzard is distinct from other GRU-controlled APT groups because of the highly disruptive nature of its operations, including wiping attacks that intentionally destroy or delete data on targeted systems. The group has been active since at least 2020, primarily targeting government services, law enforcement agencies, non-profit and non-governmental organizations, IT service providers and consulting firms, and emergency services in Ukraine.

Microsoft Threat Intelligence Center (MSTIC) initially tracked Cadet Blizzard as DEV-0586, a threat group that carried out destructive malware attacks against multiple organizations in Ukraine in January 2022. The group gained attention for creating and deploying the WhisperGate wiper, malicious software designed to destroy or erase data on targeted systems. In addition to conducting destructive attacks, the group was also observed defacing the websites of several Ukrainian organizations. Microsoft has reported a renewed increase in Cadet Blizzard's activity in January 2023, targeting entities in Ukraine and Europe, and researchers have raised concerns that Cadet Blizzard may target NATO member states that are actively supporting the military operations of the Ukrainian government.

To counter Cadet Blizzard's operations, organizations are advised to block all threat indicators, search for the IOCs in their environment, carefully examine remote access infrastructure authentication logs, implement multifactor authentication (MFA), activate Controlled Folder Access (CFA) to safeguard against modification of the Master Boot Record (MBR) and Volume Boot Record (VBR), prevent lateral movement within the network, and activate cloud-delivered protection in Microsoft Defender Antivirus or an equivalent product.
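As an added example (not code from the Rewterz alert or from Microsoft), the following PowerShell applies and verifies two of the recommended Defender settings, Controlled Folder Access and cloud-delivered protection, and then summarizes RDP logon events from the Security log as a starting point for the "examine remote access authentication logs" recommendation. It assumes an elevated PowerShell session on a Windows host running Microsoft Defender Antivirus; the cmdlets, parameters and event IDs used are standard Windows/Defender ones, and the 7-day window is an arbitrary choice.

```powershell
# Added example, not from the Rewterz alert or Microsoft. Assumes an elevated
# PowerShell session on a Windows host with Microsoft Defender Antivirus.

# 1. Record the current state so the change can be reviewed or rolled back.
$before = Get-MpPreference |
    Select-Object EnableControlledFolderAccess, MAPSReporting, SubmitSamplesConsent
$before | Format-List

# 2. Controlled Folder Access. Values reported by Get-MpPreference:
#    0 = Disabled, 1 = Enabled, 2 = AuditMode. Use AuditMode first on hosts where
#    the set of applications that write to protected folders is not yet known.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 3. Cloud-delivered protection (MAPS) with sample submission, so newly seen
#    samples can be blocked on a cloud verdict before a signature update ships.
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent SendAllSamples

# 4. Verify the settings actually took effect (policy or tamper protection can
#    override local changes, so never assume the Set-* call succeeded).
$after = Get-MpPreference |
    Select-Object EnableControlledFolderAccess, MAPSReporting, SubmitSamplesConsent
$after | Format-List
if ($after.EnableControlledFolderAccess -ne 1) {
    Write-Warning 'Controlled Folder Access is not in Enabled mode'
}
if ($after.MAPSReporting -ne 2) {
    Write-Warning 'Cloud-delivered protection is not at the Advanced level'
}

# 5. Remote access authentication logs: summarize RDP logons from the last 7 days.
#    4624 = successful logon, 4625 = failed logon; LogonType 10 = RemoteInteractive.
#    A burst of 4625 followed by a 4624 from the same source is worth a closer look.
$since = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625; StartTime = $since } `
    -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Pull the named EventData fields out of the event XML.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
        if ($data.LogonType -eq '10') {
            [pscustomobject]@{
                Time     = $_.TimeCreated
                EventId  = $_.Id
                User     = "$($data.TargetDomainName)\$($data.TargetUserName)"
                SourceIp = $data.IpAddress
            }
        }
    } |
    Group-Object User, SourceIp, EventId |
    Select-Object Count, Name |
    Sort-Object Count -Descending
```

On a domain-joined fleet the Set-MpPreference calls are normally replaced by the equivalent Group Policy or Intune settings, and step 5 is better run against a central log collector than host by host; the verification in step 4 still applies, since a local change that policy silently reverts gives no protection.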
Malware: WhisperGate, CadetBlizzard

[View Article](https://www.rewterz.com/rewterz-news/rewterz-threat-alert-russian-gru-linked-apt-group-identified-in-data-wiping-attacks-active-iocs/)