Cyber Threat Actor: National Republican Army
| Actor Type | Location | Known Incidents |
Activist
|
Russia
|
1 incident |
|---|
Profile
The National Republican Army (NRA) is a Russian hacking group that also uses the same acronym as an alias. Open‑source reporting locates the organization’s activity within Russia. The NRA describes itself as working toward the overthrow of the Putin regime and cites opposition to the war in Ukraine as its primary motivation. Its stated strategic objective is to undermine and terrorize entities that support the Russian government.
The NRA’s targeting has been observed against Russian organizations that provide software development services to government clients, as well as against an IT retail company. These targets are situated domestically within Russia, indicating a focus on internal entities rather than foreign actors. Reported tactics involve gaining initial access through compromised external servers located outside the Russian Federation and maintaining prolonged unauthorized presence within victim networks. No specific malware families, toolkits, or exploit tools are mentioned in the available sources.
In October 2022 the NRA claimed responsibility for a breach of Unisoftware, a Russian software developer that works closely with government clients, asserting the theft of banking credentials, employee personal data, phone numbers, addresses, contracts and proprietary source code for its clients and software. The group also noted that data from several Russian clients was included in the stolen material. The Kyiv Post reported that it reviewed materials shared by the NRA and confirmed the authenticity of the leaked data. A separate incident involving the Russian IT retailer DNS was linked to the NRA by the retailer’s statement that the attack originated from external servers and resulted in the exposure of an unspecified volume of customer and employee personal information while payment card data remained unaffected; DNS said it had found gaps in its information‑security protections and was working to strengthen them. The NRA further claimed to have maintained access for months and indicated intent to continue targeting entities that support the regime, although details of additional alleged compromises could not be independently verified.
