Russian Military Intelligence Is Behind Hacker Attacks Against Hundreds of Organizations Around the World

7/2/2021
The FBI, the NSA, the U.S. Cybersecurity and Infrastructure Security Agency, and the UK's National Cyber Security Centre have released a joint report revealing Russian military intelligence’s malicious cyber activity against organizations in the United States and around the world.

The malicious activity began in at least mid-2019 and “probably” continues to this day. “Since at least mid-2019 through early 2021, Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, used a Kubernetes® cluster to conduct widespread, distributed, and anonymized brute force access attempts against hundreds of government and private sector targets worldwide,” the document reads.

GTsSS malicious cyber activity has previously been attributed to hacker groups using the names Fancy Bear, APT28, Strontium, and others.

The targets of the cyber attacks were global, but the attacks focused primarily on the United States and Europe, targeting defense, government, and party organizations, political consultants and military contractors, energy and logistics companies, research centers, higher education institutions, law firms, and media companies.

Hackers of the General Staff Main Intelligence Directorate of the Russian Federation chose their targets from among organizations and institutions that use cloud software. Other software products and e-mail servers were also attacked, using a variety of protocols.

Anticipating further Russian cyber attacks, experts from the American and British secret services provided recommendations on protection against Russian hackers.

In particular, they advised using multifactor authentication and systematically requiring re-authentication, deploying services that check passwords for similarity to others, and using automated tools to review access logs and detect abnormal access.