US and UK intelligence agencies said in a report Thursday that Russian military hackers have, over the past three years, attempted to gain access to the computer networks of “hundreds of government and private sector targets worldwide” and warned that these “efforts are almost certainly still underway.”

Why it matters: Security agencies have warned that the military cyber unit, best known for hacking into the Democratic National Committee and other political targets in the 2016 election, is still focusing on political consultants, political parties and think tanks, although they did not name any specific targets.

The report is a joint advisory to network defenders issued by the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI) and the UK National Cyber Security Centre (NCSC).

How it works: The agencies said hackers working for the 85th Main Special Service Center (GTsSS) of the Russian General Staff were, for the first time, trying to obtain login credentials from government and private networks by performing “widespread, distributed and anonymized brute force access attempts” using Kubernetes.

Hackers can then use the valid credentials they obtain to expand their access to the targeted network, evade detection and defenses, and ultimately access and exfiltrate protected data, including email information. While brute-force password-guessing campaigns are nothing new, the NSA said, the “GTsSS has uniquely leveraged software containers to easily scale its brute force attempts.”

What They Say: “The advisory warns system administrators that exploitation is almost certainly underway,” the NSA said. “The targets have been global, but mainly focused on the United States and Europe.”

“Targets include government and military, defense contractors, energy companies, higher education, logistics companies, law firms, media companies, political consultants or political parties, and think tanks.”

The big picture: The report follows a summit between President Biden and Russian President Vladimir Putin, at which Biden threatened to use “important” US cyber capabilities to respond if critical infrastructure entities were targeted by Russian hackers.

Putin, however, claimed in a press conference after the meeting that most of the ongoing cyber attacks were carried out from the United States. The hacking unit, also known as Fancy Bear, APT28 or Strontium, has attempted to break into global sports and anti-doping groups, conservative groups, the US Senate, several European think tanks, and the emails of senior Orthodox Christian clergy. Other Russia-based hacking groups were behind the massive SolarWinds breach discovered in December 2020 and, more recently, the targeting of U.S. foreign aid agencies, think tanks, consultants and NGOs.

Next step: The agencies advised system administrators in government and private entities to counter future breaches by using multi-factor authentication, enforcing the use of strong passwords, and implementing timeout and lockout features for accounts after multiple unsuccessful password attempts.

They also recommended that entities deny all inbound activity from VPNs and other anonymization services.
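The pattern the advisory describes, as an added example that is not code from the agencies or from this article: a small Python check over constructed authentication log lines that counts failed logins per account across distinct source addresses, which is what surfaces low-volume, distributed guessing that per-IP blocking and lockout miss. The log format, field names and thresholds are assumptions.

```python
"""Detect distributed, low-and-slow password guessing in auth logs.

Each source makes only a couple of attempts, so per-IP lockouts never fire;
aggregating failures per account and per window exposes the spread-out
pattern and shows whether a success followed from one of the guessing sources.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). Assumed format:
#   <ISO timestamp> <FAIL|OK> user=<account> src=<source address>
SAMPLE_LOG = """\
2021-07-01T10:00:01 FAIL user=jdoe src=203.0.113.10
2021-07-01T10:00:07 FAIL user=jdoe src=198.51.100.23
2021-07-01T10:00:15 FAIL user=jdoe src=192.0.2.77
2021-07-01T10:00:20 FAIL user=jdoe src=203.0.113.44
2021-07-01T10:00:31 FAIL user=jdoe src=198.51.100.9
2021-07-01T10:00:40 OK   user=jdoe src=198.51.100.9
2021-07-01T10:01:02 FAIL user=asmith src=203.0.113.10
2021-07-01T10:01:30 FAIL user=asmith src=203.0.113.10
2021-07-01T10:05:00 OK   user=asmith src=10.0.0.5
"""


def parse(line):
    """Split one log line into (timestamp, result, user, source)."""
    ts, result, user, src = line.split()
    return datetime.fromisoformat(ts), result, user[len("user="):], src[len("src="):]


def analyze(log, window=timedelta(minutes=5), min_sources=4, max_per_source=2):
    """Return {user: {"sources": [...], "success_after": bool}} for accounts that,
    inside `window`, saw failures from at least `min_sources` distinct sources
    with no single source exceeding `max_per_source` (the lockout-evading shape).
    `success_after` is True when a successful login came from one of those sources."""
    events = sorted(parse(l) for l in log.splitlines() if l.strip())
    per_user = defaultdict(list)
    for ev in events:
        per_user[ev[2]].append(ev)
    findings = {}
    for user, evs in per_user.items():
        for i, (t0, _, _, _) in enumerate(evs):          # slide a window over the account's events
            burst = [e for e in evs[i:] if e[0] - t0 <= window]
            per_src = defaultdict(int)
            for _, result, _, src in burst:
                if result == "FAIL":
                    per_src[src] += 1
            if len(per_src) >= min_sources and max(per_src.values()) <= max_per_source:
                success = any(r == "OK" and s in per_src for _, r, _, s in burst)
                findings[user] = {"sources": sorted(per_src), "success_after": success}
                break
    return findings
```

Run `analyze(SAMPLE_LOG)` to see the jdoe account flagged with five guessing sources and a success from one of them, while asmith's two failures from a single address are not flagged.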

Going Further: FBI Director Says Cyber Threat “Almost Exponentially” Grows