The Insider; Investigations: Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from, and why it failed
This is a very long exposé in Russian; you will need a translator plug-in or service to read it.
Excerpt:
GRU Unit 29155 became famous worldwide for the unsuccessful poisonings of Skripal in Salisbury and Yemelyan Gebrev in Bulgaria with Novichok, as well as the explosions of military warehouses in Bulgaria and the Czech Republic, but until recently few people knew about their hacking activities.
Due to the fact that the hackers' server was practically unprotected, The Insider was able to gain access to it and discover a full list of GRU targets: from Ukrainian state-owned companies to infrastructure facilities in Europe, a Qatari bank and even medical clinics around the world.
Having studied the hackers' calls, flights and correspondence, The Insider identified several dozen members of the group, among whom were convicted hacker-carders, students fresh out of college and veterans of GRU poisoning and sabotage operations with no experience in IT.
Most of the hacker and information-sabotage operations of 29155 failed, and this is not surprising, given that the heads of the hacker department publicly talked about their low motivation, used cover identities to meet with mistresses and sex workers (thereby giving out their personal data) and “sawed up” funds intended for sabotage work in Ukraine.
In September 2024, the FBI published an indictment against a group of hackers working for GRU Unit 29155, the same military unit that became famous for poisoning Skripal in Salisbury. It has long been known that the GRU has hacker units; The Insider was the first to prove this back in 2017, and then it was about military unit 26165, known as Fancy Bear or APT28 and famous for hacking Hillary Clinton, Emmanuel Macron and various international organizations.
Later it turned out that another group, known as Sandworm (military unit 74455), also works under the GRU's roof, creating the most destructive virus NotPetya, turning off power plants in Ukraine and attacking NATO military facilities. But the fact that Unit 29155, which was engaged in murders and sabotage, also has its own hackers, sounded strange and surprising.
The Insider managed to gain access to the cache of the hacker group's server log, which (recognizable GRU handwriting!) turned out to be unprotected. By comparing this with data from social networks and leaked databases, and by talking to some sources, The Insider reconstructed the picture of this group's activities in all its details.
https://theins.press/inv/281701