The group "UNC2589", which is linked to a unit within the Russian intelligence service GRU, is behind a series of cyber attacks on several NATO and EU countries, announces the German intelligence service BFV on X.
According to BFV, the group's task is to spy and carry out sabotage, including by making stolen data public.
The group is said to be subordinate to the Russian GRU's unit 29155, which is suspected of involvement in the poisoning of double agent Sergei Skripal and his daughter in British Salisbury in 2018.
The German warning is being sent out in cooperation with the American federal police FBI, the IT security authority Cisa, and the intelligence service NSA. According to the American authorities, the Russian group has carried out cyber attacks on countries around the world since at least 2020.
Among other things, actors belonging to "UNC2589" are said to have attacked Ukrainian crime and war victim organizations with malicious software since January 2022, the month before Russia's full-scale invasion.
