NSA reveals hacking methods it says are used by Russia


WASHINGTON (AP) — US and British agencies disclosed on Thursday details of “brute-force” methods they say have been used by Russian intelligence to try to hack into the cloud services of hundreds of government agencies, energy companies and other organizations.

An advisory issued by the US National Security Agency describes attacks by agents affiliated with the GRU, the Russian military intelligence agency, which has previously been linked to major cyberattacks abroad and efforts to disrupt the 2016 and 2020 American elections.

NSA Director of Cybersecurity Rob Joyce said in a statement that the campaign “probably continues on a global scale”.

Brute-force attacks involve automatically spraying sites with potential passwords until hackers gain access. The advisory urges companies to adopt methods long promoted by experts as prudent cyber hygiene, including using multi-factor authentication and enforcing strong passwords.

The advisory, released amid a devastating wave of ransomware attacks on governments and critical infrastructure, doesn’t disclose the specific targets or supposed purpose of the campaign, saying only that the hackers have targeted hundreds of organizations around the world.

The NSA says that from at least mid-2019 to early this year, GRU-affiliated operators attempted to break into networks using Kubernetes, an open-source tool originally developed by Google for managing cloud services. The NSA said that while a “significant amount” of hacking attempts targeted organizations using Microsoft’s Office 365 cloud services, the hackers also went after other cloud providers and email servers.

The United States has long accused Russia of using and tolerating cyberattacks to spy, spread disinformation, and disrupt governments and basic infrastructure. The Russian Embassy in Washington did not immediately respond to a request for comment Thursday.

Joe Slowik, a threat analyst at network monitoring firm Gigamon, said the activity announced Thursday by the NSA shows the GRU has made an already popular technique for hacking networks even easier. He said it appears to coincide with Department of Energy reports on brute-force intrusion attempts targeting the U.S. energy and government sectors in late 2019 and early 2020, something the U.S. government has been aware of for some time.

Slowik said the use of Kubernetes is “definitely somewhat unique, but on its own it doesn’t seem alarming.” The brute-force and lateral movement within networks identified by the NSA are common among state-sponsored hackers and criminal ransomware gangs, which lets the GRU mingle with other players.

John Hultquist, vice president of analytics at cybersecurity firm Mandiant, characterized the activity described in the advisory as “routine gathering against policymakers, diplomats, the military and the defense industry.”

“This is a good reminder that the GRU remains an impending threat, which is particularly important given the upcoming Olympics,” Hultquist said in a statement.

The FBI and the Cybersecurity and Infrastructure Security Agency participated in the advisory, as did the British National Cyber Security Centre.

The GRU has been repeatedly associated with a number of hacking incidents in recent years by US authorities. In 2018, the office of special counsel Robert Mueller accused 12 military intelligence officers of hacking Democratic emails published by WikiLeaks in an attempt to harm Hillary Clinton’s presidential campaign and boost Donald Trump’s bid.

More recently, the Justice Department announced charges last fall against GRU officers involved in cyberattacks targeting the French presidential election, the Winter Olympics in South Korea, and American businesses.

Unlike the SVR, Russia’s foreign intelligence agency, which has been blamed for the SolarWinds offensive campaign and has been careful not to be detected in its cyber operations, the GRU has carried out some of the most damaging cyberattacks to date, including two attacks on Ukraine’s power grid and the 2017 NotPetya virus, which caused more than $10 billion in damage worldwide.

GRU operators were also involved in the spread of disinformation related to the coronavirus pandemic, US officials claimed. And an American intelligence review in March states that in 2019 and 2020 the GRU tried to track people in US politics and launched a phishing campaign against subsidiaries of Ukrainian energy company Burisma to gather information that would likely harm President Joe Biden, whose son had previously served on the board.

In April, the Biden administration imposed sanctions after tying Russia to election interference and the SolarWinds breach.


Copyright © 2021 Washington Times, LLC.


