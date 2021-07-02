



FORT MEADE, Md. – The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the UK National Cyber Security Centre (NCSC) issued a Cybersecurity Advisory today exposing malicious cyber activities by Russian military intelligence against U.S. and global organizations, starting in mid-2019 and likely ongoing. This advisory is being released as part of the NSA's routine and ongoing cybersecurity mission to warn network defenders of nation-state threats.

"Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments" details how the 85th Main Special Service Center (GTsSS) of the Russian General Staff Main Intelligence Directorate (GRU) has targeted hundreds of U.S. and foreign organizations, using brute force access to penetrate government and private sector victim networks. The advisory reveals the tactics, techniques and procedures (TTPs) GTsSS actors used in their campaign to exploit targeted networks, access credentials, move laterally, and collect and exfiltrate data. It also arms system administrators with the mitigations needed to counter this threat.

Malicious cyber actors use brute force techniques to discover valid credentials, often through extensive login attempts, sometimes with previously leaked usernames and passwords or by guessing variations of the most common passwords. While the brute force technique is not new, the GTsSS uniquely leveraged software containers to easily scale its brute force attempts. Once valid credentials were discovered, the GTsSS combined them with various publicly known vulnerabilities to gain further access to victim networks. This, along with various techniques also detailed in the advisory, allowed the actors to evade defenses and to collect and exfiltrate various information from the networks, including mailboxes. The advisory warns system administrators that exploitation is almost certainly ongoing.

Targets have been global, but primarily focused on the United States and Europe. Targets include government and military, defense contractors, energy companies, higher education, logistics companies, law firms, media companies, political consultants or political parties, and think tanks.

The NSA encourages Department of Defense (DoD), National Security Systems (NSS) and Defense Industrial Base (DIB) system administrators to promptly review the indicators of compromise (IOCs) included in the advisory and apply the recommended mitigations. The most effective mitigation is the use of multi-factor authentication, which cannot be guessed during brute force access attempts. Read the advisory for a complete list of IOCs and mitigations. Visit NSA.gov/What-We-Do/Cybersecurity/Advisories-Technical-Guidance/ to read more.

Sources 1/ https://Google.com/ 2/ https://www.nsa.gov/news-features/press-room/Article/2677750/nsa-partners-release-cybersecurity-advisory-on-brute-force-global-cyber-campaign/

