
Russian hackers are trying to brute-force hundreds of networks


The discovery of Russia's sweeping SolarWinds espionage campaign put the spotlight on the sophisticated supply chain hijacking techniques of Moscow's foreign intelligence hackers. But it is now clear that, even as the SolarWinds spying was under way, another group of Kremlin hackers kept up its daily grind, using basic but often effective techniques to crack open virtually any vulnerable network it could find in the US and across the global internet.

On Thursday the NSA, the FBI, DHS's Cybersecurity and Infrastructure Security Agency and the UK's National Cyber Security Centre released a joint advisory warning of hundreds of brute-force hacking attempts around the world, all carried out by Unit 26165 of the Russian military intelligence agency GRU, better known as Fancy Bear or APT28. The hacking campaign has targeted a wide range of organizations, including government and military agencies, defense contractors, political parties and consultancies, logistics companies, energy companies, universities, law firms and media companies. In other words, nearly every sector of the internet that an intelligence service would find interesting.

The campaign has used fairly basic techniques against those targets, guessing usernames and passwords en masse to gain initial access. The cybersecurity agencies warn that the Fancy Bear campaign has nonetheless successfully breached several organizations and stolen emails, and that it is not over. "This long brute-force campaign to collect and exfiltrate data, gain credentials and more is likely ongoing, on a global scale," NSA cybersecurity director Rob Joyce wrote in a statement accompanying the advisory.
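The mass credential guessing the advisory describes leaves a distinctive trace in authentication logs, which is where a defender would look first. The following Python script is an added illustration, not part of the article or of the agencies' advisory: it parses sshd-style log lines and flags the two patterns that matter here, a burst of failures from one source and a "low and slow" password spray that spreads a few guesses across many accounts, and escalates either one when a successful login follows it. The host names, usernames, addresses (RFC 5737 documentation ranges) and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style auth log lines for illustration; hosts, users and
# addresses are invented, not indicators from the advisory.
SAMPLE_LOG = [
    # 203.0.113.10: one guess per account spread over 90 seconds, then a hit
    "Jun 29 10:00:01 mail sshd[1201]: Failed password for invalid user admin from 203.0.113.10 port 51234 ssh2",
    "Jun 29 10:00:19 mail sshd[1202]: Failed password for root from 203.0.113.10 port 51235 ssh2",
    "Jun 29 10:00:37 mail sshd[1203]: Failed password for invalid user test from 203.0.113.10 port 51236 ssh2",
    "Jun 29 10:00:55 mail sshd[1204]: Failed password for jsmith from 203.0.113.10 port 51237 ssh2",
    "Jun 29 10:01:13 mail sshd[1205]: Failed password for invalid user backup from 203.0.113.10 port 51238 ssh2",
    "Jun 29 10:01:31 mail sshd[1206]: Failed password for mgarcia from 203.0.113.10 port 51239 ssh2",
    "Jun 29 10:01:49 mail sshd[1207]: Accepted password for mgarcia from 203.0.113.10 port 51240 ssh2",
    # 198.51.100.7: an employee mistyping a password twice, then logging in
    "Jun 29 10:05:02 mail sshd[1301]: Failed password for akim from 198.51.100.7 port 40001 ssh2",
    "Jun 29 10:05:09 mail sshd[1302]: Failed password for akim from 198.51.100.7 port 40002 ssh2",
    "Jun 29 10:05:15 mail sshd[1303]: Accepted password for akim from 198.51.100.7 port 40003 ssh2",
] + [
    # 203.0.113.55: a plain burst, twelve guesses against root in under a minute
    f"Jun 29 10:10:{s:02d} mail sshd[14{s:02d}]: Failed password for root from 203.0.113.55 port {50000 + s} ssh2"
    for s in range(0, 48, 4)
]

# Syslog timestamp, host, sshd pid, then the password-auth result line.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)


def parse(line, year=2021):
    """Turn one log line into an event dict, or None if it is not a password-auth line.
    Syslog omits the year, so the caller supplies it (assumed 2021 here)."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["result"] == "Accepted", "user": m["user"], "ip": m["ip"]}


def detect(lines, window_s=300, max_failures=10, max_users=5):
    """Return {source_ip: finding} for every source whose failures within any
    window of window_s seconds exceed max_failures (burst) or touch at least
    max_users distinct accounts (spray). Thresholds are illustrative assumptions."""
    by_ip = defaultdict(list)
    for event in filter(None, (parse(l) for l in lines)):
        by_ip[event["ip"]].append(event)

    alerts = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        fails = [e for e in events if not e["ok"]]
        # Slide a time window over the failures and keep the worst window seen.
        worst_count, worst_users, start = 0, 0, 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > timedelta(seconds=window_s):
                start += 1
            chunk = fails[start:end + 1]
            worst_count = max(worst_count, len(chunk))
            worst_users = max(worst_users, len({e["user"] for e in chunk}))

        reasons = []
        if worst_count >= max_failures:
            reasons.append("failure_burst")
        if worst_users >= max_users:
            reasons.append("password_spray")
        # A success after a run of failures is the signal that needs a human now.
        if reasons and any(e["ok"] and e["ts"] > fails[0]["ts"] for e in events):
            reasons.append("success_after_failures")
        if reasons:
            alerts[ip] = {"failures": worst_count, "distinct_users": worst_users, "reasons": reasons}
    return alerts


if __name__ == "__main__":
    for ip, finding in detect(SAMPLE_LOG).items():
        print(ip, finding)
```

The spray source never trips a pure failure-count threshold, which is exactly why counting distinct accounts per source matters alongside counting failures; the two mistyped passwords from the employee's address trip neither. In production the same logic would run per source across all authentication services, not just SSH, and with sources grouped by network rather than by single address, since a campaign of this size rarely stays on one IP.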

Unit 26165 of the GRU has a far more aggressive hacking record than the spies of the SVR intelligence agency who carried out the SolarWinds campaign. Fancy Bear was behind the 2016 hack-and-leak operations that targeted the Democratic National Committee and the Clinton campaign, as well as the International Olympic Committee and the World Anti-Doping Agency. But there is still no reason to believe that the intentions of this latest effort go beyond traditional espionage, says John Hultquist, vice president at security company Mandiant and a longtime GRU tracker.

"These intrusions don't necessarily have the brashness that comes to mind when we think of the GRU," Hultquist says. But that doesn't mean the hacking campaign isn't significant. The joint advisory, which names the IP addresses and malware used by the hackers, is meant to add "friction" to what has been a successful intrusion operation. "It's a good reminder that the GRU is still out there carrying out this type of activity, and it seems the espionage is focused on more classical targets, such as politicians, diplomats and the defense industry."

The inclusion of energy sector targets in this hacking campaign raises an additional red flag, especially considering that another GRU hacking team, Sandworm, remains the only hackers known to have caused real blackouts, sabotaging Ukrainian electric utilities in 2015 and 2016. The Department of Energy separately warned in early 2020 that hackers had targeted a US "energy entity" before Christmas 2019; the IP addresses in that advisory later matched those of GRU Unit 26165, as WIRED first reported last year. "I'm always worried when I see the GRU in the energy space," Hultquist says. He still sees plain espionage as the motivation, however. "It's important to remember that Russia is a petro state. They have a strong interest in the energy sector. That will be part of their intelligence gathering requirements."

The GRU's brute-force hacking may be "opportunistic" rather than targeted, argues Joe Slowik, who leads intelligence at security company Gigamon and first spotted the link between the Department of Energy's alert and the GRU. The group may be gaining access to any network it can before handing that access to other Kremlin hackers with more specific espionage or hacking missions. "We'll go ahead and get access points in the organizations of interest," Slowik says. "They are then sat on or forwarded to the parties responsible for the accesses involved, depending on the accesses they are able to turn up."
