Washington (AP) — US and UK agencies on Thursday revealed details of the methods they say Russian intelligence agencies have used to break into the cloud services of hundreds of government agencies, energy companies and other organizations.
An advisory issued by the US National Security Agency describes "brute force" attacks by operatives associated with the Russian military intelligence agency GRU, which has previously been linked to large-scale cyberattacks abroad and efforts to disrupt US elections in 2016 and 2020.
Brute force attacks automatically spray sites with potential passwords until hackers gain access. The advisory urges businesses to adopt methods that experts have long recommended as common-sense cyber hygiene, such as using multi-factor authentication and requiring strong passwords.
Issued during a devastating wave of ransomware attacks on governments and key infrastructure, the advisory does not disclose specific targets of the campaign or its presumed purpose, saying only that the hackers have targeted hundreds of organizations around the world. In a statement, NSA cybersecurity director Rob Joyce said the campaign “is likely to be underway on a global scale.”
According to the NSA, GRU-linked operatives attempted to break into networks using Kubernetes, an open source tool developed by Google to manage cloud services, from at least mid-2019 to early this year. The NSA said “a significant amount” of the intrusion attempts targeted organizations using Microsoft’s Office 365 cloud services, while the hackers also went after other cloud providers and email servers.
The United States has long accused Russia of using and tolerating cyberattacks for espionage, disinformation, and disruption of government and major infrastructure. The Russian Embassy in Washington did not immediately respond to a request for comment on Thursday.
Joe Slowik, a threat analyst at network monitoring firm Gigamon, said the activity described by the NSA on Thursday shows that the GRU has further streamlined already popular methods for breaking into networks. He said it appears to overlap with US Department of Energy reporting on brute-force intrusion attempts targeting the US energy and government sectors in late 2019 and early 2020, which he said the US government has long been aware of.
The use of Kubernetes “doesn’t seem to worry in itself, but it’s certainly a bit unique,” Slowik said. He said that the brute force and lateral movement within networks described by the NSA are common among state-sponsored hackers and criminal ransomware gangs, making it possible for the GRU to blend in with other actors.
The FBI and the Cybersecurity and Infrastructure Security Agency joined the advisory, along with the UK's National Cyber Security Centre.
US authorities have repeatedly linked the GRU to a series of hacking incidents in recent years. In 2018, Special Counsel Robert Mueller’s office indicted military intelligence officers for allegedly hacking Democratic emails that were released by WikiLeaks to undermine Hillary Clinton’s presidential campaign and boost Donald Trump’s bid.
More recently, the Justice Department announced last fall that it had charged GRU officers over cyberattacks targeting the French presidential election, the Winter Olympics in South Korea and US companies.
Unlike Russia’s foreign intelligence agency SVR, which is blamed for the SolarWinds hacking campaign and is careful not to be detected in its cyber operations, the GRU has carried out the most damaging cyberattacks on record, including two on the Ukrainian power grid and the 2017 NotPetya virus, which caused more than $10 billion in damage worldwide.
US officials claim that GRU agents are also involved in spreading disinformation related to the coronavirus pandemic. And according to US intelligence in March, the GRU launched a phishing campaign against a subsidiary of Ukrainian energy company Burisma in an attempt to monitor people in US politics in 2019 and 2020. On the board.
In April, the Biden administration sanctioned Russia after linking it to election interference and the SolarWinds breach.
Bajak reported from Boston.
The NSA discloses a hacking method it says is used by Russia