US security agency denounces new Russian “brute force” cyberattack method on a global scale




A person is using a laptop computer. EFE / SASCHA STEINBACH / Archives

US and UK agencies have released details of the “brute force” methods that, they say, were used by the Russian secret service to try to break into the cloud services of hundreds of government agencies, energy companies and other organizations.

A warning issued by the United States National Security Agency describes the attacks carried out by agents linked to the GRU, the Russian military intelligence agency, which has previously been linked to major cyber attacks abroad and efforts to disrupt the 2016 and 2020 U.S. elections.

In a statement, NSA cybersecurity director Rob Joyce said that the campaign was “probably underway, globally”.

Brute force attacks consist of the automated bombardment of sites with possible passwords until hackers gain access. The advisory urges companies to adopt methods that experts consider common sense when it comes to security, such as using two-factor authentication and requiring strong passwords.

GRU hackers tracked down by FBI, but extradition virtually ruled out (AP)

Released amid a devastating wave of ransomware attacks against key governments and infrastructure, the statement does not disclose the campaign’s specific objectives or its purported purpose, simply saying that hackers have attacked hundreds of organizations around the world.

The NSA says agents linked to the GRU attempted to enter networks using Kubernetes, an open source tool originally developed by Google to manage cloud services, from at least mid-2019 to the beginning of this year. While a “significant amount” of the break-in attempts targeted organizations using Microsoft’s Office 365 cloud services, hackers also attacked other cloud providers and email servers, the NSA said.

The United States has long accused Russia of using and tolerating cyber attacks for the purpose of spying, spreading disinformation, and disrupting key governments and infrastructure. The Russian Embassy in Washington did not immediately respond to a request for comment on Thursday.

Joe Slowik, a threat analyst at network monitoring firm Gigamon, said the activity described by the NSA on Thursday shows that the GRU has developed an already popular technique for connecting. He said this appears to coincide with reports from the Department of Energy of brute-force intrusion attempts in late 2019 and early 2020 targeting the energy sectors and the US government, and that the US government is apparently in control. running for some time.

GRU headquarters in Moscow (AFP)

Slowik said the use of Kubernetes “is certainly a bit unique, although in itself that doesn’t sound worrisome.” He said that the brute force method and lateral movement within networks described by the NSA are common among state-backed hackers and ransomware criminal gangs, allowing the GRU to blend in with other actors.

John Hultquist, vice president of analytics at cybersecurity firm Mandiant, called the activity described in the advisory “routine targeting of policymakers, diplomats, the military and the defense industry.”

“It’s a good reminder that the GRU remains an imminent threat, which is especially important given the upcoming Olympics, an event that may well attempt to disrupt,” Hultquist said in a statement.

The FBI and the Cybersecurity and Infrastructure Security Agency joined the advisory, as did the British National Cyber Security Centre.

The GRU has been repeatedly linked by US officials in recent years to a series of hacking incidents. In 2018, the office of special counsel Robert Mueller indicted 12 military intelligence officers for hacking Democratic emails that were later published by WikiLeaks in an attempt to undermine Hillary Clinton’s presidential campaign and boost the candidacy of Donald Trump.

More recently, the Justice Department announced charges last fall against GRU officials in cyberattacks targeting a presidential election in France, the Winter Olympics in South Korea, and US companies.

Unlike the Russian foreign intelligence agency SVR, which is credited with the SolarWinds hacking campaign and is careful not to be detected in its cyber operations, the GRU has carried out the most damaging cyber attacks on record, including two against the Ukrainian power grid and the 2017 NotPetya virus, which caused more than $10 billion in damage worldwide.

GRU agents have also been implicated in spreading false information related to the coronavirus pandemic, US officials have alleged. And a US intelligence assessment in March indicates that the GRU attempted to monitor people in US politics in 2019 and 2020 and staged a phishing campaign against subsidiaries of Ukrainian energy company Burisma, possibly to collect information damaging to President Joe Biden, whose son had previously served on the board.

The Biden administration sanctioned Russia in April after linking it to election interference and the SolarWinds breach.

(With AP information)


