GRU Unit 26165
| Actor Type | Nation State |
|---|---|
| Attributed to Nation | Russia |
| Associated Intrusion Sets | Forest Blizzard , STRONTIUM , Fancy Bear , APT28 |
GRU Unit 26165 is also known as the 85th Main Special Service Center (GTsSS). GTsSS has been publicly attributed as the threat actor behind APT28 or FANCY BEAR. CISA reports that the group primarily targets government organizations, travel and hospitality entities, research institutions, and non-governmental organizations, in addition to other critical infrastructure organizations.
Cyber Threat Graph Context
Explore how this cyber threat actor relates to the wider threat graph
GRU Unit 26165 Threat Reports
Report
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
This blog post by researchers at Microsoft Threat Intelligence outlines activity they observed by Forest Blizzard using a tool they named ...