Russian Military Hackers Accused Of Global Campaign

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation and the UK's National Cyber Security Centre have released a joint advisory statement accusing Unit 26165 of Russia's GRU militray intelligence agency of being behind what they call a global campaign "to compromise enterprise and cloud environments". 

There are said to be hundreds of targets around the world, including political parties and democratic institutions.

The group working for the GRU allegedly stole and leaked Democrat emails during the US 2016 presidential election.  The US says the group belongs to the 85th Main Special Service Center of the GRU, which is sometimes called Fancy Bear, APT28 or Strontium.

One of the recent targets was the Norwegian parliament in the summer of 2020. Microsoft has also said that the same campaign targeted US and UK organisations directly involved in political elections. Microsoft has detected cyber-attacks targeting people and organisations involved in the recent presidential election, including unsuccessful attacks on people associated with both the Trump and Biden campaigns

The campaign is said to have begun in mid-2019 and to be "almost certainly" ongoing. It has mainly been directed at organisations using Microsoft Office 365 cloud services, but other service providers have also been targeted. The attack is relatively unsophisticated, with the hackers using multiple attempts to log in with different passwords to try to access systems. 
They are alleged to have used specialist software to scale up these efforts and to have used Virtual Private Networks and Tor, an anonymising system, to try to hide what they were doing. 

In its September 2020 warning about the group, Microsoft said they used 1,000 constantly rotating IP addresses. Once they get in, Russian hackers then are said to have stolen data, including emails, as well as further log-in information to allow them to burrow deeper.

The US and the UK is encouraging those responsible for protecting computer systems to review their systems for indicators they have been compromised. 

NCSC:     Microsoft:      Just Security:    BBC:    Vestnik Kazkava:     Illinois Today:

You Might Also Read: 

Microsoft’s Defensive Playbook:

 

« The Qualities That Make A Successful Cyber Team
Seven Steps To Create An Effective Disaster Recovery Plan »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Phoenix TS

Phoenix TS

Phoenix TS offers world-class management, computer, and IT security certification training courses.

BSA - The Software Alliance

BSA - The Software Alliance

BSA is the leading advocate for the global software industry before governments and in the international marketplace.

CERT-UA

CERT-UA

CERT-UA is the national Computer Emergency Response Team for Ukraine.

Pindrop Security

Pindrop Security

Pindrop solutions are leading the way to the future of voice by establishing the standard for security, identity, and trust for every voice interaction.

SailPoint

SailPoint

SailPoint provides identity governance solutions with on-premises and cloud-based identity management software for the most complex challenges.

Ubiq Security

Ubiq Security

Ubiq has developed a software solution that secures any type of data, on any device, anywhere, with nearly no impact to system performance or user experience.

Inspira Enterprise

Inspira Enterprise

Inspira Enterprise is a leading digital transformation company with expertise in Cyber Security, Internet of Things (IOT), Blockchain, Big Data & Analytics, Intelligent Automation and Cloud Computing.

CloudSEK

CloudSEK

CloudSEK has set its sights on building the world’s fastest and most reliable AI technology, that identifies and resolves digital threats.

Shorebreak Security

Shorebreak Security

Shorebreak Securioty specialize in conducting highly accurate, safe, and reliable Information Security tests to determine the risks posed to your business.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.

Arelion

Arelion

Arelion is a leading light in global connectivity and we've been keeping the world connected for nearly three decades.

Indevtech

Indevtech

Indevtech has been serving Hawaii since 2001, providing end-to-end managed IT services to small- and medium-businesses.

Afripol

Afripol

AFRIPOL was set up to strengthen cooperation between the police agencies of AU member states in the prevention and fight against organized transnational crime, terrorism, and cybercrime.

Ionize

Ionize

Ionize offers solutions to help you uplift your capability across the full-spectrum of cyber security - assessment, remediation, monitoring, governance and ongoing education.

Bearer

Bearer

Bearer helps modern teams ship trustworthy products with the help of our code security solution built for security, privacy and engineering teams.

Internet Initiative Japan (IIJ)

Internet Initiative Japan (IIJ)

IIJ is one of Japan's leading Internet-access and comprehensive network solutions providers.