Russian military intelligence organized cyberattacks against Estonian institutions
As a result of an international joint operation, the Estonian Internal Security Service (ISS) identified that a military unit under the authority of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) has been conducting cyberattacks since 2020. These attacks have targeted Ukraine as well as NATO and EU member states, including Estonia.
The Estonian Internal Security Service (ISS), in collaboration with the security services of ten other countries, has identified that military unit 29155, under the authority of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), has developed cyber capabilities and has been carrying out cyberattacks since 2020. These attacks have targeted Ukraine as well as NATO and EU member states, including Estonia, according to the ISS, the Police and Border Guard Board (PPA) and the Prosecutor's Office.
The Central Criminal Police, under the direction of the Prosecutor's Office, conducted a criminal investigation which confirmed that the same unit was responsible for attacks on Estonian state institutions in 2020. The investigation identified three GRU officers suspected of involvement in the attacks: Yuri Denisov, Nikolay Korchagin and Vitali Shevchenko.
"We identified the first leads and suspects early in the investigation, which allowed us, in cooperation with other agencies, to prevent more extensive damage and spread," said Ago Ambur, head of the Cybercrime Bureau.
The Prosecutor's Office requested arrest warrants from Harju County Court for the three suspects connected to the attacks in Estonia. The court granted the request and issued warrants for their arrest in absentia.
Prosecutor Vahur Verte stated that the three men are now internationally wanted based on the arrest warrants. "Although the suspects are currently believed to be in Russia, the international search and arrest warrants mean that if they travel outside of Russia, there is a real risk that a country may detain them and extradite them to Estonia for trial," said Verte.
The ISS shared significant new and additional information with international partners throughout various stages of the investigation, particularly regarding the cyber unit responsible for the attacks. U.S. authorities have also offered a $10 million reward for information leading to the capture of the suspects identified in Estonia, according to the agencies.
This GRU military unit is also responsible for coup attempts, sabotage, subversive operations and assassination attempts across Europe. The cyber capabilities developed by this unit pose a threat to Estonia's national security, the agencies noted.
"Cyber operations for sabotage, intelligence gathering or information warfare are key components of the Russian Federation's military doctrine of hybrid warfare. We defend Estonia's national security also in cyberspace, and in addition to physical spies, we also expose cyber spies," commented ISS Director General Margo Palloson.
Unit 29155 has continued operations against Estonian networks and those of other countries. Thanks to the cooperation of the Central Criminal Police, ISS and the Information System Authority (RIA, CERT-EE), these attacks have been detected and thwarted, the agencies added.
In November 2020, cyberattacks targeted the Ministry of Economic Affairs and Communications, the Ministry of Social Affairs and the Ministry of Foreign Affairs. The perpetrators gained access to servers, but no classified information was compromised. RIA identified three criminal attacks against Estonia's IT infrastructure, one of which affected the Foreign Ministry's external website and servers, disrupting the services hosted there.
Estonia named Russia's military intelligence in a first-ever attribution of cyberattacks.
--
Follow ERR News on Facebook and Twitter and never miss an update!
Editor: Valner Väino, Marcus Turovski