Russian Military Hackers Accused Of Global Campaign
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation and the UK's National Cyber Security Centre have released a joint advisory statement accusing Unit 26165 of Russia's GRU militray intelligence agency of being behind what they call a global campaign "to compromise enterprise and cloud environments".
There are said to be hundreds of targets around the world, including political parties and democratic institutions.
The group working for the GRU allegedly stole and leaked Democrat emails during the US 2016 presidential election. The US says the group belongs to the 85th Main Special Service Center of the GRU, which is sometimes called Fancy Bear, APT28 or Strontium.
One of the recent targets was the Norwegian parliament in the summer of 2020. Microsoft has also said that the same campaign targeted US and UK organisations directly involved in political elections. Microsoft has detected cyber-attacks targeting people and organisations involved in the recent presidential election, including unsuccessful attacks on people associated with both the Trump and Biden campaigns
The campaign is said to have begun in mid-2019 and to be "almost certainly" ongoing. It has mainly been directed at organisations using Microsoft Office 365 cloud services, but other service providers have also been targeted. The attack is relatively unsophisticated, with the hackers using multiple attempts to log in with different passwords to try to access systems.
They are alleged to have used specialist software to scale up these efforts and to have used Virtual Private Networks and Tor, an anonymising system, to try to hide what they were doing.
In its September 2020 warning about the group, Microsoft said they used 1,000 constantly rotating IP addresses. Once they get in, Russian hackers then are said to have stolen data, including emails, as well as further log-in information to allow them to burrow deeper.
The US and the UK is encouraging those responsible for protecting computer systems to review their systems for indicators they have been compromised.
NCSC: Microsoft: Just Security: BBC: Vestnik Kazkava: Illinois Today:
You Might Also Read:
Microsoft’s Defensive Playbook: