The Estonian Internal Security Service (ISS) has found out, as a result of a joint international operation, that a military unit under the command of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) has been carrying out cyberattacks against Ukraine, NATO, and EU countries, including Estonia.

Source: ERR, an Estonian public broadcaster, as reported by European Pravda

Details: The ISS, during a joint operation with the services of ten countries, found that military unit 29155 of the Russian General Staff of the Armed Forces had created cyber capabilities and, since 2020, had been carrying out cyberattacks against Ukraine, NATO and EU countries, including Estonia, the ISS, the Police and Border Guard Board (PPA), and the Prosecutor's Office said.

The Central Criminal Police, under the leadership of the State Prosecutor's Office, conducted a criminal investigation that found that the same unit had carried out attacks on Estonian government agencies in 2020. During the criminal proceedings, three officers of the General Staff of the Russian Armed Forces – Yuri Denisov, Nikolay Korchagin and Vitali Shevchenko – were identified as suspects in the attacks.

"We identified the first leads and suspects early in the investigation, which allowed us, in cooperation with other agencies, to prevent more extensive damage and its spread," said Ago Ambur, Head of the Cybercrime Bureau.

The State Prosecutor's Office applied to the Harju County Court to issue arrest warrants for three suspects connected to cyberattacks in Estonia. The court granted the request and issued the warrants in absentia.

Prosecutor Vahur Verte said the three men are on the international wanted list based on the arrest warrants.

Quote Vahur Verte: "Although the suspects are currently believed to be in Russia, the international search and arrest warrants mean that if they travel outside of Russia, there is a real risk that a country may detain them and extradite them to Estonia for trial."

At various stages of the joint investigation, the ISS shared important information with international partners, which supplemented the information already available, especially regarding the cyber unit that carried out the attack. The United States also offered a US$10 million reward for those identified in Estonia.

This military unit of the General Staff of the Russian Armed Forces is responsible for coup attempts, sabotage and subversive operations, and assassination attempts in Europe. Estonian security agencies have noted that cyberattacks created by this military unit pose a threat to Estonia's national security.

"Cyber operations for sabotage, intelligence gathering or information warfare are key components of the Russian Federation's military doctrine of hybrid warfare. We defend Estonia's national security also in cyberspace, and in addition to physical spies, we also expose cyber spies," commented ISS Director General Margo Palloson.

Unit 29155 continued its activities against Estonian and other countries’ state networks. The Estonian security agencies added that the attacks had been detected and prevented thanks to the cooperation in cybersecurity between the Central Criminal Police, the ISS, and the Information System Authority (RIA, CERT-EE).

The Ministry of Economic Affairs and Communications, the Ministry of Social Affairs, and the Ministry of Foreign Affairs were subjected to cyberattacks in November 2020. The criminals gained access to servers but not to state secrets.

Background:

Estonia and nine other states launched the Tallinn Mechanism in December last year to strengthen cyber support for Ukraine in the civic sphere.

The Tallinn Mechanism operates in parallel with the IT Coalition, which addresses Ukraine's cyber issues in the military.

