Russian GRU Unit 29155 is best known for its long list of murder and sabotage ops, which include the Salisbury poisonings in England, arms depot explosions in Czechia, and an attempted coup d’etat in Montenegro. But its activities in cyberspace remained in the shadows — until now. After reviewing a trove of hidden data, The Insider can report that the Kremlin’s most notorious black ops squad also fielded a team of hackers — one that attempted to destabilize Ukraine in the months before Russia’s full-scale invasion.
For members of Russia’s most notorious black ops unit, they look like children. Even their photographs on the FBI’s “wanted” poster show a group of spies born around the time Vladimir Putin came to power in Russia. But then, hacking is a young man’s business.
In August 2024, the U.S. Justice Department indicted Vladislav Borovkov, Denis Denisenko, Dmitriy Goloshubov, Nikolay Korchagin, Amin Stigal and Yuriy Denisov for conducting “large-scale cyber operations to harm computer systems in Ukraine prior to the 2022 Russian invasion,” using malware to wipe data from systems connected to Ukraine’s critical infrastructure, emergency services, even its agricultural industry, and masking their efforts as plausibly deniable acts of “ransomware” – digital blackmail. Their campaign was codenamed “WhisperGate.”
The hackers posted the personal medical data, criminal records, and car registrations of untold numbers of Ukrainians. The hackers also probed computer networks “associated with twenty-six NATO member countries, searching for potential vulnerabilities” and, in October 2022, gained unauthorized access to computers linked to Poland’s transportation sector, which was vital for the inflow and outflow of millions of Ukrainians – and for the transfer of crucial Western weapons systems to Kyiv.
More newsworthy than the superseding indictment of this sextet of hackers was the organization they worked for: Unit 29155 of Russia’s Main Intelligence Directorate of the General Staff, or GRU. In the past decade and a half, this elite team of operatives has been responsible for the Novichok poisonings of Russian ex-spy Sergei Skripal and Bulgarian arms manufacturer Emilian Gebrev, an abortive coup in Montenegro, and a series of explosions of arms and ammunition depots in Bulgaria and Czechia.
Unit 29155 is Russia’s kill and sabotage squad. But now they were being implicated for the first time as state hackers. Moreover, the U.S. government made a compelling case that Unit 29155 was engaged in cyber attacks designed to destabilize Ukraine in advance of Russian tanks and soldiers stealing across the border – if this were true, it would mean that at least one formidable arm of Russian military intelligence knew about a war that other Russian special services were famously kept in the dark about. This hypothesis is consistent with prior findings by The Insider showing that members of 29155 were deployed into Ukraine a few days before the full-scale invasion.
