According to Microsoft, a hacker group called Cadet Blizzard, which has been linked to Russia’s Main Intelligence Directorate (GRU), is responsible for a series of cyberattacks against Ukraine and its Western allies in 2022 and this year.
Microsoft’s threat intelligence teams have identified Cadet Blizzard as the group behind these cyberattacks. In a blog post, the company said that this criminal organisation is targeting Ukraine and NATO member states that provide military assistance to the country in conflict. Microsoft said that Cadet Blizzard was responsible for WhisperGate, the devastating attacks on Ukraine in January 2022 that took place before Russia’s invasion of the country. The group was also involved in attacks on Ukrainian websites in early 2022.
In addition to Ukraine, Microsoft believes that Cadet Blizzard hackers have targeted various organisations in Europe and Latin America. According to Microsoft, the hacker group has been active since 2020. Microsoft has warned that the Russian hacker group Cadet Blizzard remains consistently active in cyberspace and strategically conducts its operations outside of the working hours of its main targets to minimise the likelihood of detection.
According to Microsoft, Cadet Blizzard uses stolen passwords and credentials to hack into Internet servers that have weaker security measures. The group also uses web shells to maintain access and employs “living off the land” techniques, using legitimate commands to move through the networks of its targets. By using this technique, Cadet Blizzard is able to disguise its activities as legitimate network traffic, making them difficult to detect. However, despite its ties to Russia, Cadet Blizzard has demonstrated lower effectiveness compared to other hacker groups with ties to the country.
Microsoft emphasised that the WhisperGate attack carried out by Cadet Blizzard in January 2022 affected a much smaller number of systems and had relatively modest consequences, despite the group’s preparation aimed at disrupting networks in Ukraine.
Cadet Blizzard activity increased between January and June 2022, and then subsided before reappearing in early 2023. However, the latest cyber operations conducted by Cadet Blizzard, although sporadically successful, failed to achieve the same impact as those conducted by their GRU counterparts, as stated by Microsoft.