Jun 16, 2023 10:10:00

Microsoft releases detailed information about Russian threat actor 'Cadet Blizzard' that launched destructive malware attack on Ukraine

Microsoft has released detailed information about the Russian-state-backed threat actor Cadet Blizzard . 'Cadet Blizzard' is a threat actor formerly known as 'DEV-0586' and is believed to have been active since at least 2020.

Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog

https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/

Ongoing Russian cyberattacks targeting Ukraine - Microsoft On the Issues

https://blogs.microsoft.com/on-the-issues/2023/06/14/russian-cyberattacks-ukraine-cadet-blizzard/

Microsoft links data wiping attacks to new Russian GRU hacking group
https://www.bleepingcomputer.com/news/security/microsoft-links-data-wiping-attacks-to-new-russian-gru-hacking-group/

Cadet Blizzard is the group that carried out the destructive malware “Whispergate Wiper” attack against organizations affiliated with the Ukrainian government in January 2022, when Microsoft still identified it as DEV-0586.

Microsoft identifies destructive malware targeting Ukrainian government agencies, looks like ransomware and has no ransom collection mechanism - GIGAZINE

According to Microsoft, Cadet Blizzard has been active since around 2020 and targets various organizations in Europe and Latin America. Most recently, it has targeted Ukraine and NATO members that provide military support to Ukraine. After June 2022, the activity has not been confirmed, but it has been active again since the beginning of 2023.

Russia's threat actors are known as 'Seashell Blizzard' and 'Forest Blizzard'. All threat actors, including Cadet Blizzard, are associated with the Russian General Staff Intelligence Directorate (GRU), although Cadet Blizzard appears to be in a slightly different position.

Regarding Cadet Blizzard, Microsoft wrote, ``The emergence of actors who have carried out destructive cyber attacks in Ukraine that are likely to support broader military objectives is a notable development in Russian cybercrime.''

However, Cadet Blizzard also features a relatively low success rate compared to other threat actors. Seashell Blizzard's wiper attack in February 2022 affected more than 200 systems in 15 organizations, while Cadet Blizzard's Whispergate wiper attack destroyed enemy networks. Despite being trained, the range of influence was extremely narrow and the impact was small.

Although the attack success rate remains low after the resumption of activity in early 2023, some attacks are successful, and Microsoft is sharing information with customers to increase visibility and strengthen protection against attacks. .