
FBI, NSA and partners warn of global Russian Brute Force cyber attack

The NSA, FBI, CISA and the UK’s NCSC released a joint cybersecurity advisory on Thursday warning of ongoing cyberattacks by Russian military intelligence against US and global organisations. These attacks started in mid-2019 and are likely to be continuing.

The advisory identifies the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, as the actor behind the campaign. The unit is also tracked under other names, including Fancy Bear, APT28 and Strontium.

The advisory provides common attack types, a list of IP addresses and a table of tactics, techniques and procedures, with the aim of warning network defenders of possible incoming attacks and helping them prepare their defences.


Why the fear?

Brute forcing a password is an age-old hacking technique in which the attacker keeps trying possible passwords until one works. The GTsSS found a way to leverage Kubernetes software containers to scale its brute force efforts.

The GTsSS had previously used these methods against Office 365 cloud services, while also targeting other service providers and on-premises email servers over a range of different protocols. These efforts are likely still ongoing.

An illustration of how Kubernetes or other cloud services are used to scale brute force attempts. (via the advisory)

The targets include Government and military organisations, logistics companies, defence contractors, think tanks, energy companies, law firms, media companies, higher education institutes, political consultants and party organisations. This campaign has already targeted hundreds of organisations worldwide. 

As mentioned earlier, the advisory goes on to list IP addresses identified in previous attacks and user agents, along with detection opportunities for them, a YARA rule that matches the reGeorg variant web shell previously used by the threat actors, and some general mitigations.
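The detection side of the advisory comes down to spotting the pattern the campaign relies on: a few password guesses against each of many accounts, split across many source IPs so that no single address looks noisy. The script below is an added example, not code from the advisory or from this article. It runs over a constructed, hypothetical one-attempt-per-line log format (real Office 365 sign-in logs, Exchange or IIS logs need their own parser, but the aggregation is the same), labels each source as a password spray or a single-account brute force, flags accounts that logged in successfully after failures from the same source, and correlates low-volume sources that target the same set of accounts, which is how a spray distributed across a container fleet shows up.

```python
"""Flag password-spray and brute-force patterns in authentication logs.

Added example; not code from the joint advisory or the article. The log
format is a constructed, hypothetical one (one attempt per line); the
thresholds are illustrative and should be tuned to the environment.
"""
import re
from collections import defaultdict

# Constructed sample log (hypothetical format). 203.0.113.10 and .11 each
# try one password against several accounts (a spray split across two
# exit IPs); 198.51.100.7 hammers a single account; 192.0.2.5 is normal.
SAMPLE_LOG = """\
2021-07-01T09:00:01Z result=FAIL user=alice src=203.0.113.10
2021-07-01T09:00:02Z result=FAIL user=bob src=203.0.113.10
2021-07-01T09:00:03Z result=FAIL user=carol src=203.0.113.10
2021-07-01T09:00:04Z result=FAIL user=dave src=203.0.113.10
2021-07-01T09:00:05Z result=FAIL user=erin src=203.0.113.10
2021-07-01T09:00:06Z result=FAIL user=frank src=203.0.113.10
2021-07-01T09:00:07Z result=OK user=erin src=203.0.113.10
2021-07-01T09:00:01Z result=FAIL user=alice src=203.0.113.11
2021-07-01T09:00:02Z result=FAIL user=bob src=203.0.113.11
2021-07-01T09:00:03Z result=FAIL user=carol src=203.0.113.11
2021-07-01T09:00:04Z result=FAIL user=dave src=203.0.113.11
2021-07-01T09:00:05Z result=FAIL user=erin src=203.0.113.11
2021-07-01T09:30:00Z result=OK user=alice src=192.0.2.5
"""
# Twelve failures against one account from one IP (classic brute force).
SAMPLE_LOG += "".join(
    f"2021-07-01T09:10:{i:02d}Z result=FAIL user=admin src=198.51.100.7\n"
    for i in range(12)
)

LOG_RE = re.compile(
    r"^(?P<ts>\S+) result=(?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Yield one dict per well-formed line; skip anything that does not match."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()


def profile_sources(events):
    """Per source IP: failure count per account, plus accounts that logged in
    successfully from that IP after at least one failure from it."""
    prof = defaultdict(lambda: {"fails": defaultdict(int), "success_after_fail": set()})
    for e in events:
        p = prof[e["src"]]
        if e["result"] == "FAIL":
            p["fails"][e["user"]] += 1
        elif e["user"] in p["fails"]:
            p["success_after_fail"].add(e["user"])
    return prof


def classify_source(p, spray_users=5, brute_attempts=10):
    """password_spray: many accounts, few attempts each.
    brute_force: many attempts against one account. Otherwise benign."""
    fails = p["fails"]
    if len(fails) >= spray_users and sum(fails.values()) / len(fails) < 3:
        return "password_spray"
    if fails and max(fails.values()) >= brute_attempts:
        return "brute_force"
    return "benign"


def distributed_sprays(prof, min_shared_users=4):
    """Group spraying sources whose target account sets overlap: a spray
    spread over many exit IPs is one campaign, so correlate on the accounts
    hit rather than on the IP."""
    groups = []
    for src, p in prof.items():
        if classify_source(p) != "password_spray":
            continue
        users = set(p["fails"])
        for g in groups:
            if len(users & g["users"]) >= min_shared_users:
                g["srcs"].add(src)
                g["users"] |= users
                break
        else:
            groups.append({"srcs": {src}, "users": users})
    return [g for g in groups if len(g["srcs"]) > 1]


def analyze(text, spray_users=5, brute_attempts=10):
    """Return (per-source findings, distributed spray groups)."""
    prof = profile_sources(parse_log(text))
    findings = {}
    for src, p in prof.items():
        label = classify_source(p, spray_users, brute_attempts)
        if label != "benign" or p["success_after_fail"]:
            findings[src] = {
                "label": label,
                "failed_attempts": sum(p["fails"].values()),
                "accounts_targeted": len(p["fails"]),
                "compromised_candidates": sorted(p["success_after_fail"]),
            }
    return findings, distributed_sprays(prof)


if __name__ == "__main__":
    per_source, groups = analyze(SAMPLE_LOG)
    for src, f in per_source.items():
        print(src, f)
    for g in groups:
        print("distributed spray:", sorted(g["srcs"]), "->", sorted(g["users"]))
```

The "success after failures" check is the one worth acting on first: a spray that eventually succeeds against an account is a compromise, not just noise, and that account's password and sessions should be reset before anything else. Per-IP thresholds alone miss the distributed case, which is why the grouping step keys on the targeted accounts.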

Shortly after the advisory was made public, Cloudflare rolled out WAF mitigations to protect its customers against a brute force cyberattack.

