This is the final installment of Trustwave SpiderLabs Russia-Ukraine digital battlefield series, which has spanned topics including the differences between Russia and Ukraine cyber actors, how government entities, defense organizations, and human targets were caught in the cyber crossfire, and how both countries targeted the telecommunications, critical infrastructure, and technology sectors. 

If you need to catch up, please read Part 1, Part 2, and Part 3.

In this final installment, we shine a spotlight on Russian state-backed actors and their operations.

In September 2024, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA) assessed that the infamous UNC2589 group (also known as Cadet Blizzard, Ember Bear, and UAC-0056) is affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155).