GRU - Russian Main Directorate of the General Staff

Actor Type: Nation State
Attributed to Nation: Russia
Associated Intrusion Sets: FROZENBARENTS

The GRU is Russia's military intelligence agency. GRU officers have been indicted for multiple cyber-related offences, including NotPetya (2017) and attacks against the 2018 Olympics and the 2016 US elections.

Associated APT groups include APT28/Fancy Bear (GRU Unit 26165) and Sandworm (GRU Unit 74455).


GRU - Russian Main Directorate of the General Staff Threat Reports

Report

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

This blog post by researchers at Microsoft Threat Intelligence outlines activity they observed by Forest Blizzard using a tool they named ...

Report

AcidPour - New Embedded Wiper Variant of AcidRain Appears in Ukraine

This blog post by researchers at SentinelLabs describes a new variant of the AcidRain malware which they call AcidPour. The report includes ...
