Special unit of hackers is responsible for monitoring, disrupting Western military support for Ukraine in Russian intelligence – Dutch Ministry of Defence
Russian military intelligence (GRU) is actively engaged in cyberspace, and the special cyber unit of the GRU Unit 29155, better known as APT28, is responsible for this, the purpose of which, in particular, is to monitor and disrupt Western military support for Ukraine, the Ministry of Defense of the Netherlands said, citing research by a number of specialized structures.
"These include the U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA). This was also established by the Federal Bureau of Investigation (FBI) and the Dutch Military Intelligence and Security Service (MIVD)," the Ministry of Defense of the Netherlands said on the webiste on Wednesday.
It is noted that the purpose of the cyber unit of the Russian military intelligence is, among other things, monitoring and disrupting Western (military) support for Ukraine. The NSA, CISA, FBI, MIVD and more than fifteen other international services warn about this in the so-called Cybersecurity Advisory.
According to the director of the MIVD, Vice Admiral Peter Reesink, APT28 is of great strategic importance for Russia in the war with Ukraine. "In particular, APT28 aims to obtain military, diplomatic and economic information about Ukraine and NATO allies. Through its operations, this GRU unit tries to obtain information about the transportation of Western military aid. This happens both inside Ukraine and outside it. That is why countries such as the Netherlands, which are part of the supply route, are the target of these cyber operations," the vice admiral said.
The report notes that in September 2024, the U.S. Department of the Interior had already warned about cyber operations by this GRU unit with the same goal: disrupting Western aid to Ukraine. At that time, the United States, together with the MIVD and other partner services, also issued warnings and technical recommendations. This included not only how countries and organizations could recognize the activities of unit 29155. It also provided options for protecting against it. In 2018, hackers from APT28 traveled to the Netherlands with the intention of organizing a cyber operation.
The target was the Organization for the Prohibition of Chemical Weapons (OPCW) in The Hague. The operation was disrupted, and the four Russian intelligence officers involved were expelled from the country. This prevented the OPCW systems from being hacked at the time. At that time, this organization was investigating, among other things, the poisoning of Russian Sergei Skripal and his daughter.
