Intelligence agencies detail alleged ‘brute-force’ hacking methods


Russian military intelligence has run a “brute-force” cyber campaign that lasted at least a year and a half, targeting cloud and network services of US and global organizations, American and British intelligence agencies said on Thursday.

According to a joint cybersecurity advisory from the National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency and the UK’s National Cyber Security Centre (part of Government Communications Headquarters), the campaign went after government and military organizations, political parties and consultants, think tanks, law firms, media companies, educational institutions, defense contractors, logistics companies and energy companies.

“From at least mid-2019 to early 2021, Russia’s Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, used a Kubernetes® cluster to conduct widespread, distributed and anonymized brute-force access attempts against hundreds of government and private sector targets around the world,” the intelligence agencies’ cybersecurity advisory reads. “Malicious cyber activity of the GTsSS has previously been attributed by the private sector using the names Fancy Bear, APT28, Strontium and a variety of other identifiers. The 85th GTsSS directed a significant portion of this activity at organizations using Microsoft Office 365® cloud services; however, they also targeted other service providers and in-house email servers using a variety of different protocols.”

NSA Cybersecurity Director Rob Joyce tweeted that the use of multi-factor authentication would go a long way toward countering the Russian threat, which he says is “probably ongoing.”

According to the NSA, the attackers used brute-force techniques to discover valid credentials through extensive login attempts, sometimes by guessing common passwords and sometimes by using leaked usernames and passwords.

“While the brute-force technique is not new, the GTsSS uniquely leveraged software containers to easily scale its brute-force attempts,” the NSA said in a statement. “Once valid credentials were discovered, the GTsSS combined them with various publicly known vulnerabilities to gain greater access to victim networks. This, along with various techniques detailed in the advisory, also allowed the actors to evade defenses and to collect and leak various information from the networks, including mailboxes.”
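The pattern the agencies describe, many login attempts spread across accounts and across anonymized source addresses, is what a defender looks for in authentication logs. The following is an added example, not code from the advisory or from any of the agencies: it runs two simple counts over a constructed sample log (the format, IP addresses and usernames are made up for illustration) to flag a source address that tries many different accounts in a window (a password spray), an account that is tried from many different addresses (distributed guessing), and any successful login that follows recent failures for the same account, which is the credential-discovery moment the NSA statement refers to.

```python
"""Detect distributed brute-force and password-spray patterns in auth logs.
Added example for illustration; the log format below is constructed, not the
output of any real product."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real logs): timestamp, result, user, source IP.
SAMPLE_LOG = """\
2021-06-01T10:00:01Z FAIL user=alice src=203.0.113.10
2021-06-01T10:00:02Z FAIL user=bob src=203.0.113.10
2021-06-01T10:00:03Z FAIL user=carol src=203.0.113.10
2021-06-01T10:00:04Z FAIL user=dave src=203.0.113.10
2021-06-01T10:00:05Z FAIL user=erin src=203.0.113.10
2021-06-01T10:00:06Z FAIL user=frank src=203.0.113.10
2021-06-01T10:01:00Z FAIL user=admin src=198.51.100.1
2021-06-01T10:01:10Z FAIL user=admin src=198.51.100.2
2021-06-01T10:01:20Z FAIL user=admin src=198.51.100.3
2021-06-01T10:01:30Z FAIL user=admin src=198.51.100.4
2021-06-01T10:01:40Z FAIL user=admin src=198.51.100.5
2021-06-01T10:01:50Z OK   user=admin src=198.51.100.6
2021-06-01T10:05:00Z FAIL user=alice src=192.0.2.7
2021-06-01T10:05:30Z OK   user=alice src=192.0.2.7
"""

LINE_RE = re.compile(r"^(\S+)\s+(OK|FAIL)\s+user=(\S+)\s+src=(\S+)$")


def parse_log(text):
    """Parse the constructed format into (timestamp, result, user, ip) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the constructed format
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def detect(events, window=timedelta(minutes=10), spray_users=5, dist_ips=5):
    """Return a sorted list of (finding, subject) pairs.

    password_spray: one source IP failed against >= spray_users distinct users
    distributed_bruteforce: one user failed from >= dist_ips distinct IPs
    success_after_failures: a successful login for a user with recent failures
    All counts are taken over failures no older than `window`.
    """
    findings = set()
    recent = []  # failures inside the window, as (ts, user, ip)
    for ts, result, user, ip in sorted(events):
        recent = [f for f in recent if ts - f[0] <= window]
        if result == "FAIL":
            recent.append((ts, user, ip))
            users_from_ip = {u for _, u, i in recent if i == ip}
            if len(users_from_ip) >= spray_users:
                findings.add(("password_spray", ip))
            ips_for_user = {i for _, u, i in recent if u == user}
            if len(ips_for_user) >= dist_ips:
                findings.add(("distributed_bruteforce", user))
        elif any(u == user for _, u, _ in recent):
            # A success right after failures for the same account is worth
            # review: it is where guessed or leaked credentials turn into access.
            findings.add(("success_after_failures", user))
    return sorted(findings)


def summarize(events):
    """Count distinct users per source IP and distinct IPs per user, for triage."""
    users_by_ip, ips_by_user = defaultdict(set), defaultdict(set)
    for _, result, user, ip in events:
        if result == "FAIL":
            users_by_ip[ip].add(user)
            ips_by_user[user].add(ip)
    return ({k: len(v) for k, v in users_by_ip.items()},
            {k: len(v) for k, v in ips_by_user.items()})


if __name__ == "__main__":
    for finding, subject in detect(parse_log(SAMPLE_LOG)):
        print(f"{finding}: {subject}")
```

On the constructed sample this flags the spraying address, the `admin` account tried from six addresses, and two successes that followed failures. The second of those, `alice`, is a user who simply mistyped once before logging in, which is the usual source of noise for this rule; in practice the thresholds and window are tuned per service, and a success-after-failures finding from a new address or country is the one to escalate first. The check complements rather than replaces multi-factor authentication, which stops a correctly guessed password from being enough on its own.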

Details of the Russian hacking efforts follow the Biden administration’s earlier move to blame the Russian Foreign Intelligence Service (SVR) for the hack of SolarWinds network management software, which compromised nine US federal agencies, and to impose sanctions on Russia in response.

While the SVR draws attention for the SolarWinds debacle, Thursday’s warning serves as a reminder not to overlook the GRU either, according to John Hultquist, vice president of the Mandiant division at cybersecurity firm FireEye.

“Don’t sleep on the GRU,” Mr. Hultquist tweeted. “Russia’s most aggressive talent is not lost. At least, cyber espionage is here to stay. Kudos to CISA/FBI/NSA for adding friction to their operations.”
