Russian Military Hackers Accused Of Global Campaign

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation and the UK's National Cyber Security Centre have released a joint advisory statement accusing Unit 26165 of Russia's GRU military intelligence agency of being behind what they call a global campaign "to compromise enterprise and cloud environments".

There are said to be hundreds of targets around the world, including political parties and democratic institutions.

The group working for the GRU allegedly stole and leaked Democrat emails during the US 2016 presidential election.  The US says the group belongs to the 85th Main Special Service Center of the GRU, which is sometimes called Fancy Bear, APT28 or Strontium.

One of the recent targets was the Norwegian parliament in the summer of 2020. Microsoft has also said that the same campaign targeted US and UK organisations directly involved in political elections. Microsoft has detected cyber-attacks targeting people and organisations involved in the recent presidential election, including unsuccessful attacks on people associated with both the Trump and Biden campaigns.

The campaign is said to have begun in mid-2019 and to be "almost certainly" ongoing. It has mainly been directed at organisations using Microsoft Office 365 cloud services, but other service providers have also been targeted. The attack is relatively unsophisticated: the hackers make repeated attempts to log in with different passwords to try to access systems. They are alleged to have used specialist software to scale up these efforts and to have used Virtual Private Networks and Tor, an anonymising system, to try to hide what they were doing.

In its September 2020 warning about the group, Microsoft said they used 1,000 constantly rotating IP addresses. Once they get in, the Russian hackers are then said to have stolen data, including emails, as well as further log-in information to allow them to burrow deeper.

The US and the UK are encouraging those responsible for protecting computer systems to review their systems for indicators they have been compromised.
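Because the guessing described above is spread across rotating IP addresses, counting failures per source address misses it; counting per account does not. The following is an added example, not code from the advisory or from Microsoft: it assumes sign-in logs have already been exported as simple (timestamp, account, source IP, success) records, and the function name, thresholds and sample events are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def flag_distributed_guessing(events, window=timedelta(hours=1),
                              min_failures=6, min_ips=4):
    """events: (timestamp, account, source_ip, success) tuples.
    Flags accounts with a burst of failed logins spread over many source IPs,
    a pattern that per-IP lockout thresholds do not catch."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, account, ip, ok in sorted(events):
        (successes if ok else failures)[account].append((ts, ip))
    findings = {}
    for account, fails in failures.items():
        start = 0
        for end in range(len(fails)):
            # Slide the window so it spans at most `window` of time.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            burst = fails[start:end + 1]
            ips = {ip for _, ip in burst}
            if len(burst) >= min_failures and len(ips) >= min_ips:
                # A later success from an IP with no earlier success suggests
                # that one of the guesses worked.
                known = {ip for ts, ip in successes[account] if ts < burst[0][0]}
                new_ok = any(ts > burst[-1][0] and ip not in known
                             for ts, ip in successes[account])
                findings[account] = {"failures": len(burst),
                                     "distinct_ips": len(ips),
                                     "success_after_from_new_ip": new_ok}
                break
    return findings

# Constructed sample events (documentation IP ranges, invented accounts).
T0 = datetime(2020, 9, 1, 9, 0)
SAMPLE = (
    [(T0 - timedelta(hours=3), "alice@example.org", "192.0.2.10", True)]
    + [(T0 + timedelta(minutes=5 * i), "alice@example.org", f"198.51.100.{i + 1}", False)
       for i in range(6)]
    + [(T0 + timedelta(minutes=40), "alice@example.org", "203.0.113.50", True)]
    # One user mistyping from a single address: many failures, one IP.
    + [(T0 + timedelta(minutes=i), "bob@example.org", "192.0.2.20", False) for i in range(6)]
    + [(T0 + timedelta(minutes=7), "bob@example.org", "192.0.2.20", True)]
    + [(T0 + timedelta(minutes=10 * i), "carol@example.org", f"203.0.113.{i + 1}", False)
       for i in range(3)]
)

if __name__ == "__main__":
    for account, detail in flag_distributed_guessing(SAMPLE).items():
        print(account, detail)
```

Accounts flagged with `success_after_from_new_ip` set are the ones to prioritise for credential reset and mailbox review.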

Sources: NCSC, Microsoft, Just Security, BBC, Vestnik Kazkava, Illinois Today
