NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign

FORT MEADE, Md. NSA -- PRESS RELEASE | July 1, 2021

FORT MEADE, Md. – The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the UK’s National Cyber Security Centre (NCSC) released a Cybersecurity Advisory today exposing malicious cyber activities by Russian military intelligence against U.S. and global organizations, starting from mid-2019 and likely ongoing. This advisory is being released as part of NSA's routine and continuing cybersecurity mission to warn network defenders of nation state threats.

“Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments” details how the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) has targeted hundreds of U.S. and foreign organizations using brute force access to penetrate government and private sector victim networks. The advisory reveals the tactics, techniques, and procedures (TTPs) GTsSS actors used in their campaign to exploit targeted networks, access credentials, move laterally, and collect and exfiltrate data. It also arms system administrators with the mitigations needed to counter this threat.

Malicious cyber actors use brute force techniques to discover valid credentials, often through extensive login attempts, sometimes with previously leaked usernames and passwords or by guessing with variations of the most common passwords. While the brute force technique is not new, the GTsSS uniquely leveraged software containers to easily scale its brute force attempts.

Once valid credentials were discovered, the GTsSS combined them with various publicly known vulnerabilities to gain further access into victim networks. This, along with various techniques also detailed in the advisory, allowed the actors to evade defenses and collect and exfiltrate various information in the networks, including mailboxes.

The advisory warns system administrators that exploitation is almost certainly ongoing. Targets have been global, but primarily focused on the United States and Europe. Targets include government and military, defense contractors, energy companies, higher education, logistics companies, law firms, media companies, political consultants or political parties, and think tanks.

NSA encourages Department of Defense (DoD), National Security Systems (NSS), and Defense Industrial Base (DIB) system administrators to immediately review the indicators of compromise (IOCs) included in the advisory and to apply the recommended mitigations. The most effective mitigation is the use of multi-factor authentication, which is not guessable during brute force access attempts. Read the advisory for a complete list of IOCs and mitigations.

Read more https://www.nsa.gov/What-We-Do/Cybersecurity/Advisories-Technical-Guidance/
