Baltimore Sun

NSA releases advisory pointing finger at Russia in ‘brute force’ cyberattacks

By Nomaan Merchant, Eric Tucker and Frank Bajak

WASHINGTON — U.S. and British agencies on Thursday disclosed details of methods they say have been used by Russian intelligence to break into the cloud services of hundreds of government agencies, energy companies and other organizations.

An advisory released by the U.S. National Security Agency describes “brute force” attacks by operatives linked to the GRU, the Russian military intelligence agency, which has been previously tied to major cyberattacks abroad and efforts to disrupt the 2016 and 2020 American elections. Brute force attacks involve the automated spraying of sites with potential passwords until hackers gain access.

The advisory urges companies to adopt methods long urged by experts as common-sense cyber hygiene, including the use of multi-factor authentication and mandating strong passwords.

Issued during a devastating wave of ransomware attacks on governments and key infrastructure, the advisory does not disclose specific targets of the campaign or its presumed purpose, saying only that hackers have targeted hundreds of organizations worldwide.

In a statement, NSA Cybersecurity Director Rob Joyce said the campaign was “likely ongoing, on a global scale.”

The NSA says GRU-linked operatives have tried to break into networks using Kubernetes, an open-source tool originally developed by Google to manage cloud services, from at least mid-2019 through early this year.

While a “significant amount” of the attempted break-ins targeted organizations using Microsoft’s Office 365 cloud services, the hackers went after other cloud providers and email servers as well, the NSA said.

The U.S. has long accused Russia of using and tolerating cyberattacks for espionage, spreading disinformation, and the disruption of governments and key infrastructure.

The Russian Embassy in Washington did not immediately respond to a request for comment Thursday.

Joe Slowik, a threat analyst at the network-monitoring firm Gigamon, said the activity described by NSA on Thursday shows the GRU has further streamlined an already popular technique for breaking into networks.

He said it appears to overlap with Department of Energy reporting on brute-force intrusion attempts in late 2019 and early 2020 targeting the U.S. energy and government sectors and is something the U.S. government has apparently been aware of for some time.
