How the Russian military is using “brute force” to hack the US government and businesses


US and UK agencies last week disclosed details of “brute force” methods they say have been used by Russian intelligence services to attempt to break into the cloud services of hundreds of government agencies, energy companies and other organizations.

An advisory issued by the United States National Security Agency describes attacks by operators linked to the GRU, the Russian military intelligence agency, which has previously been linked to major cyber attacks abroad and to efforts to disrupt the 2016 and 2020 US elections.

In a statement, NSA cybersecurity director Rob Joyce said the campaign was “probably underway, globally.”

Brute force attacks involve automated, repeated attempts to guess account passwords against login services until the attacker gets in. The advisory urges organizations to adopt measures long advocated by experts as common-sense cyber hygiene, including multi-factor authentication and enforced strong passwords.

Published amid a devastating wave of ransomware attacks against governments and key infrastructure, the advisory does not reveal the campaign’s specific targets or its purported objective, saying only that the hackers have targeted hundreds of organizations around the world.

The NSA says operators linked to the GRU have attempted to break into networks using a Kubernetes cluster (Kubernetes is an open source tool, originally developed by Google, for running containerized applications at scale) from at least mid-2019 until early this year. While a “significant amount” of the break-in attempts targeted organizations using Microsoft’s Office 365 cloud services, the hackers also went after other cloud providers and email servers, the NSA said.
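The two paragraphs above describe the campaign only in outline: automated password guessing, at scale, against cloud login services. For a defender, the useful corollary is what that looks like in authentication logs: a single source generating many failed logins across many different accounts, sometimes followed by a success. The following is an added detection example, not code from the AP article or from the NSA advisory. The log format (`<timestamp> <source_ip> <user> <result>`), the sample lines and the thresholds are all constructed assumptions for the example; a real deployment would read Office 365 or IdP sign-in logs instead, but the per-source counting logic is the same.

```python
"""
Added example: flag sources whose failed logins spread across many accounts
within a short window (large-scale credential guessing), and report any
successful login from such a source after it was flagged.

The log format, sample lines and thresholds below are constructed for this
example; they are not taken from the article or from the NSA advisory.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample auth log, one event per line:
#   "<ISO-8601 timestamp> <source_ip> <user> <FAIL|SUCCESS>"
# 203.0.113.10 guesses five different accounts, then gets one right.
# 198.51.100.7 is a user mistyping their own password twice (not spraying).
# 192.0.2.44 is a normal login.
SAMPLE_LOG = """\
2021-07-01T09:00:01Z 203.0.113.10 alice FAIL
2021-07-01T09:00:03Z 203.0.113.10 bob FAIL
2021-07-01T09:00:05Z 203.0.113.10 carol FAIL
2021-07-01T09:00:07Z 203.0.113.10 dave FAIL
2021-07-01T09:00:09Z 203.0.113.10 erin FAIL
2021-07-01T09:00:11Z 203.0.113.10 frank SUCCESS
2021-07-01T09:00:02Z 198.51.100.7 alice FAIL
2021-07-01T09:00:06Z 198.51.100.7 alice FAIL
2021-07-01T09:00:20Z 198.51.100.7 alice SUCCESS
2021-07-01T09:01:00Z 192.0.2.44 grace SUCCESS
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, ip, user, result) tuples, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((when, ip, user, result))
    events.sort(key=lambda e: e[0])
    return events


def detect_spraying(events, window=timedelta(minutes=10), min_failures=5, min_users=4):
    """
    Return {source_ip: summary} for every source that, within `window`, produced at
    least `min_failures` failed logins spread over at least `min_users` distinct
    accounts. `min_users` is what separates guessing across accounts from one
    user fumbling their own password. Successful logins from a source *after*
    it was flagged are listed separately: those are the accounts to examine first.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        recent_fails = []          # (timestamp, user) failures inside the sliding window
        flagged = False
        success_after_spray = []
        for when, _, user, result in evs:
            # Slide the window: drop failures older than `window` relative to this event.
            recent_fails = [f for f in recent_fails if when - f[0] <= window]
            if result == "FAIL":
                recent_fails.append((when, user))
                distinct_users = {u for _, u in recent_fails}
                if len(recent_fails) >= min_failures and len(distinct_users) >= min_users:
                    flagged = True
            elif result == "SUCCESS" and flagged:
                success_after_spray.append(user)
        if flagged:
            fails = [e for e in evs if e[3] == "FAIL"]
            findings[ip] = {
                "failures": len(fails),
                "users": len({e[2] for e in fails}),
                "success_after_spray": success_after_spray,
            }
    return findings


if __name__ == "__main__":
    for ip, summary in detect_spraying(parse_log(SAMPLE_LOG)).items():
        print(ip, summary)
```

The distinct-user threshold matters: an attacker trying one or two common passwords across hundreds of accounts stays below most per-account lockout limits, so counting failures per account alone misses exactly the pattern the advisory describes. Counting per source, across accounts, catches it; the attacker's answer is to rotate source addresses, which is why the advisory's recommendation of multi-factor authentication is the durable control rather than detection alone.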

Russian denials

The United States has long accused Russia of using and tolerating cyber attacks for the purpose of espionage, spreading disinformation, and disrupting key governments and infrastructure.

The Russian embassy in Washington on Thursday “strictly” denied the involvement of Russian government agencies in cyber attacks against US government agencies or private companies.

In a statement posted on Facebook, the embassy said: “We hope the US side will drop the practice of baseless accusations and focus on professional work with Russian experts to strengthen international information security.”

Joe Slowik, a threat analyst at network monitoring firm Gigamon, said the activity described by the NSA on Thursday shows that the GRU has further streamlined an already popular technique for breaking into networks. He said it appears to overlap with Department of Energy reports of brute force intrusion attempts in late 2019 and early 2020 targeting the US energy and government sectors, which the US government has apparently been aware of for some time.

Slowik said the use of Kubernetes “is certainly a bit unique, although in itself that doesn’t sound worrisome.” He said the brute force method and the lateral movement within networks described by the NSA are common among state-backed hackers and ransomware criminal gangs, allowing the GRU to blend in with other actors.

John Hultquist, vice president of analysis at cybersecurity firm Mandiant, called the activity described in the advisory “routine collection against policymakers, diplomats, the military and the defense industry.”

“It’s a good reminder that the GRU remains an imminent threat, which is especially important given the upcoming Olympics, an event they may well try to disrupt,” Hultquist said in a statement.

The FBI and the Cybersecurity and Infrastructure Security Agency co-authored the advisory, as did the British National Cyber Security Centre.

Charges against GRU

The GRU has been repeatedly linked by US officials in recent years to a series of hacking incidents. In 2018, Special Counsel Robert Mueller’s office indicted 12 military intelligence officers for hacking Democratic emails that were later published by WikiLeaks in an attempt to undermine Hillary Clinton’s presidential campaign and boost the candidacy of Donald Trump.

More recently, the Justice Department announced charges last fall against GRU agents in cyberattacks targeting a French presidential election, the Winter Olympics in South Korea, and American businesses.

Unlike the Russian foreign intelligence agency SVR, which is blamed for the SolarWinds hacking campaign and takes care to stay undetected in its cyber operations, the GRU has carried out some of the most damaging cyber attacks on record, including two on the Ukrainian power grid and the NotPetya malware of 2017, which caused more than $10 billion in damage worldwide.

GRU operators have also been implicated in spreading disinformation related to the coronavirus pandemic, US officials have alleged. And a US intelligence assessment in March indicates that the GRU attempted to monitor people in US politics in 2019 and 2020 and staged a phishing campaign against subsidiaries of Ukrainian energy company Burisma, which could have been used to collect information damaging to President Joe Biden, whose son had previously served on the board.

In April, the Biden administration sanctioned Russia after linking it to election interference and the SolarWinds breach.

Bajak reported from Boston.

Copyright 2021 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
