US, Britain Warn of Russian ‘Brute Force’ Cyber Campaign
The United States and Britain are sounding another alarm about Russian activity in cyberspace, accusing the Kremlin of repeatedly trying to smash its way into the critical systems of government agencies, defense contractors, universities, and even political parties.A joint advisory Thursday from the U.S. National Security Agency (NSA) and Britain’s National Cyber Security Center said Russian military intelligence has been carrying out a “brute force” campaign since 2019 – getting a hold of credentials, like email logins, and then guessing passwords to gain entry. “After gaining remote access, many well-known tactics, techniques, and procedures (TTPs) are combined to move laterally, evade defenses, and collect additional information within target networks,” the advisory said.The advisory noted that Russia’s GRU has successfully targeted hundreds of U.S. and foreign organizations, as well as various U.S. government agencies, such as the Department of Defense.Russia “directed a significant amount of this activity at organizations using Microsoft Office 365 cloud services; however, they also targeted other service providers & on-premises email servers,” according to the advisory. “These efforts are almost certainly still ongoing.”Elements of the campaign have previously been attributed to Russian cyber actors known as Fancy Bear, APT28 or Strontium, it said.U.S. officials urged agencies and organizations to take basic precautions as a first step in fighting back.“You can counter it by using strong authentication measures,” NSA Cybersecurity Director Rob Joyce tweeted Thursday. “Adding multi-factor authentication will go a long way in remediating the threat.”The new advisory follows a string of high-profile hacks and ransomware attacks, including last December’s hack of SolarWinds, a U.S.-based software management company, which exposed as many as 18,000 customers to Russian hackers, and the ransomware attack against Colonial Pipeline, the largest fuel pipeline operator in the U.S.U.S. intelligence agencies have said the SolarWinds hack was part of a Russian operation, although cybersecurity experts say it was carried out by Russia’s foreign intelligence service and not the GRU.U.S. officials have previously blamed the GRU for targeting the Democratic National Committee during the 2016 elections and for targeting pharmaceutical companies developing vaccines against the coronavirus.“This is a good reminder that the GRU remains a looming threat,” John Hultquist, the vice president of analysis at the cyber security firm Mandiant Threat Intelligence, said in a statement Thursday.Hultquist added the advisory was “especially important given the coming Olympics, an event they may well attempt to disrupt.” But he also warned that, “Despite our best efforts we are very unlikely to ever stop Moscow from spying.”Some U.S. lawmakers have called for mandatory reporting requirements for companies hit by major hacks, ransomware attacks and other types of breaches, saying it will help the government respond more effectively to cyber intrusions.The nation’s new national cyber director, Chris Inglis, has also warned that while too many malign actors are operating with impunity in cyberspace, many private sector companies have likewise failed to take the necessary precautions.“It may well be we need to step in and we need to regulate or mandate in the same way we’ve done that for the aviation industry or the automobile industry,” Inglis told lawmakers during his confirmation hearing last month.
…