Russian Military Hackers Accused Of Global Campaign

Uploaded on 2021-07-12 in INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE--International, FREE TO VIEW, TECHNOLOGY--Hackers

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation and the UK's National Cyber Security Centre have released a joint advisory statement accusing Unit 26165 of Russia's GRU militray intelligence agency of being behind what they call a global campaign "to compromise enterprise and cloud environments". 

There are said to be hundreds of targets around the world, including political parties and democratic institutions.

The group working for the GRU allegedly stole and leaked Democrat emails during the US 2016 presidential election.  The US says the group belongs to the 85th Main Special Service Center of the GRU, which is sometimes called Fancy Bear, APT28 or Strontium.

One of the recent targets was the Norwegian parliament in the summer of 2020. Microsoft has also said that the same campaign targeted US and UK organisations directly involved in political elections. Microsoft has detected cyber-attacks targeting people and organisations involved in the recent presidential election, including unsuccessful attacks on people associated with both the Trump and Biden campaigns

The campaign is said to have begun in mid-2019 and to be "almost certainly" ongoing. It has mainly been directed at organisations using Microsoft Office 365 cloud services, but other service providers have also been targeted. The attack is relatively unsophisticated, with the hackers using multiple attempts to log in with different passwords to try to access systems. 
They are alleged to have used specialist software to scale up these efforts and to have used Virtual Private Networks and Tor, an anonymising system, to try to hide what they were doing. 

In its September 2020 warning about the group, Microsoft said they used 1,000 constantly rotating IP addresses. Once they get in, Russian hackers then are said to have stolen data, including emails, as well as further log-in information to allow them to burrow deeper.

The US and the UK is encouraging those responsible for protecting computer systems to review their systems for indicators they have been compromised. 

NCSC:     Microsoft:      Just Security:    BBC:    Vestnik Kazkava:     Illinois Today:

You Might Also Read: 

Microsoft’s Defensive Playbook:

 

« The Qualities That Make A Successful Cyber Team
Seven Steps To Create An Effective Disaster Recovery Plan »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

IT GRC Forum

IT GRC Forum

The IT GRC Forum is an online resource and networking platform for the Governance, Risk Management, and Compliance (GRC) community

CSIRT.CZ

CSIRT.CZ

CSIRT.CZ is the National Computer Security Incident Response Team of the Czech Republic.

HUB International

HUB International

HUB is one of the largest insurance brokers in the world. HUB Risk Services provides the full range of expert consulting to identify risks, reduce exposure to loss and manage claims issues.

Copper Horse Solutions

Copper Horse Solutions

Copper Horse specialises in mobile and IoT security, engineering solutions throughout the product lifecycle from requirements to product security investigations.

ClickDatos

ClickDatos

ClickDatos specializes in consulting, auditing, data protection training, accredited by ISO/IEC 27001 certification.

Secure Decisions

Secure Decisions

Secure Decisions focus on research and product development related to national security including information assurance, computer network defense, cyber security education, and application security.

Vysk Communications

Vysk Communications

Vysk is an award-winning mobile security firm that has developed the world’s most secure system for voice communication.

Computer Forensics Consult (CFC)

Computer Forensics Consult (CFC)

Computer Forensics Consult provides disaster recovery, computer forensics, electronic discovery and litigation support services in the growing area of Cyber Security.

Worldline

Worldline

Worldline IIoT solutions allow industrial companies to start their digital transformation journey with industrial level cyber security standards (IEC 62443 ready).

Rizikon Assurance

Rizikon Assurance

Rizikon Assurance is an Online System that improves Third-Party Assurance and Risk Management, through efficiency, automation and better visibility.

Sprint Networks

Sprint Networks

Sprint Networks is a trusted compliance and risk program advisor which deliver cost-effective technology to reduce enterprise-wide risk.

Melius Cyber Security

Melius Cyber Security

Melius Cyber Security has developed a world-leading SaaS platform, Cyber Safe Plus, built around continuous assessment and improvement through vulnerability scanning and penetration testing

CYOSS

CYOSS

CYOSS, an ESG Group company, is a specialist in Cyber Security and Data Analytics. We focus on the opportunities of a networked world and make security risks manageable.

Alibaba Cloud

Alibaba Cloud

Alibaba Cloud is committed to safeguarding the cloud security for every business by leveraging a comprehensive suite of enterprise security services and products on the platform.

Dimension Data

Dimension Data

Dimension Data is a leading African born technology provider operating in the Middle East and Africa, offering a portfolio of services including intelligent security solutions.

Togggle

Togggle

Togggle offers seamless identity verification solutions and distributed infrastructure, enabling organizations to combat fraud and ensure compliance with data protection regulations.