WASHINGTON – The United States and Britain are raising a new alarm over Russian activity in cyberspace, accusing the Kremlin of repeatedly trying to force its way into the critical systems of government agencies, defense contractors, universities and even political parties.
A joint advisory from the US National Security Agency (NSA) and the UK National Cyber Security Centre (NCSC), published on Thursday, said Russian military intelligence had been waging a “brute force” campaign since 2019, repeatedly guessing passwords to obtain credentials such as email logins and then using them to enter target networks.
“After gaining remote access, many well-known tactics, techniques and procedures (TTPs) are combined to move laterally, evade defenses and collect additional information within target networks,” the advisory said.
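As an added illustration (not code from the advisory, the agencies or this article), the following Python sketch shows the kind of log-based detection a defender can run over sign-in records to catch the password guessing the advisory describes: one source address failing against many accounts (password spraying), one source hammering a single account, and a successful sign-in from a source already flagged. The log line format, the thresholds and the sample lines are assumptions constructed for the example.

```python
"""Added example, not code from the advisory or the article: flag brute-force
and password-spray sign-in patterns in authentication logs. The log format and
thresholds are assumptions chosen for the demo."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample sign-in log (synthetic data). One event per line:
#   <ISO-8601 UTC timestamp> src=<ip> user=<account> result=<ok|fail>
SAMPLE_LOG = """\
2021-07-01T10:00:01Z src=198.51.100.7 user=alice@example.com result=fail
2021-07-01T10:00:03Z src=198.51.100.7 user=bob@example.com result=fail
2021-07-01T10:00:05Z src=198.51.100.7 user=carol@example.com result=fail
2021-07-01T10:00:07Z src=198.51.100.7 user=dave@example.com result=fail
2021-07-01T10:00:09Z src=198.51.100.7 user=erin@example.com result=fail
2021-07-01T10:00:11Z src=198.51.100.7 user=frank@example.com result=ok
2021-07-01T10:05:00Z src=203.0.113.9 user=alice@example.com result=fail
2021-07-01T10:05:02Z src=203.0.113.9 user=alice@example.com result=fail
2021-07-01T10:05:04Z src=203.0.113.9 user=alice@example.com result=fail
2021-07-01T10:05:06Z src=203.0.113.9 user=alice@example.com result=fail
2021-07-01T10:05:08Z src=203.0.113.9 user=alice@example.com result=fail
2021-07-01T10:05:10Z src=203.0.113.9 user=alice@example.com result=fail
2021-07-01T10:05:12Z src=203.0.113.9 user=alice@example.com result=fail
2021-07-01T10:05:14Z src=203.0.113.9 user=alice@example.com result=fail
2021-07-01T10:05:16Z src=203.0.113.9 user=alice@example.com result=fail
2021-07-01T10:05:18Z src=203.0.113.9 user=alice@example.com result=fail
2021-07-01T11:00:00Z src=192.0.2.44 user=grace@example.com result=fail
2021-07-01T11:00:30Z src=192.0.2.44 user=grace@example.com result=ok
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)


def parse_log(text):
    """Return a time-sorted list of (timestamp, src, user, success) tuples."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or malformed lines instead of aborting
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["src"], m["user"], m["result"] == "ok"))
    events.sort(key=lambda e: e[0])
    return events


def detect(events, window=timedelta(minutes=10), spray_accounts=5, bruteforce_fails=8):
    """Sliding-window detection keyed on the source address.

    spray:                one source fails against >= spray_accounts distinct accounts in a window
    bruteforce:           one source fails >= bruteforce_fails times against one account in a window
    success_after_attack: a successful sign-in from a source already flagged above
    """
    recent = defaultdict(deque)      # src -> deque of (ts, user) failures inside the window
    spray = defaultdict(set)         # src -> accounts it sprayed
    bruteforce = {}                  # (src, user) -> failure count at the last trigger
    success_after_attack = []

    for ts, src, user, ok in events:
        q = recent[src]
        while q and ts - q[0][0] > window:
            q.popleft()              # drop failures that fell out of the window
        if ok:
            flagged = src in spray or any(s == src for s, _ in bruteforce)
            if flagged:
                success_after_attack.append((src, user, ts.isoformat()))
            continue
        q.append((ts, user))
        distinct = {u for _, u in q}
        if len(distinct) >= spray_accounts:
            spray[src].update(distinct)
        per_user = sum(1 for _, u in q if u == user)
        if per_user >= bruteforce_fails:
            bruteforce[(src, user)] = per_user

    return {
        "spray": {s: sorted(a) for s, a in spray.items()},
        "bruteforce": bruteforce,
        "success_after_attack": success_after_attack,
    }


if __name__ == "__main__":
    for kind, hits in detect(parse_log(SAMPLE_LOG)).items():
        print(kind, hits)
```

Counting per source address is deliberately simple: an actor that spreads attempts across many addresses stays under the per-source thresholds, so in practice the same counts should also be kept per tenant across all sources, and a single failed attempt followed by a success (the grace@example.com lines) must not be flagged or the rule drowns in users mistyping passwords. The decisive control remains the one the NSA recommends, multi-factor authentication, which makes a correctly guessed password insufficient on its own.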
The advisory noted that the GRU, Russia’s military intelligence agency, had successfully targeted hundreds of US and foreign organizations, including US government agencies such as the Department of Defense.
Russia “has directed a significant amount of this activity to organizations using Microsoft Office 365 cloud services; however, it has also targeted other service providers and on-premises email servers,” according to the advisory. “These efforts are almost certainly still ongoing.”
Elements of the campaign have already been publicly attributed to the Russian cyber actor known as Fancy Bear, APT28 or Strontium, the advisory said.
U.S. officials have urged agencies and organizations to take basic precautions as a first step in fighting back.
“You can counter it by using strong authentication measures,” NSA cybersecurity director Rob Joyce tweeted Thursday. “Adding multi-factor authentication will go a long way in addressing the threat.”
The new advisory follows a string of high-profile hacks and ransomware attacks, including the compromise of SolarWinds, a US maker of IT management software, disclosed last December, which exposed up to 18,000 customers to Russian hackers, and the ransomware attack on Colonial Pipeline, the largest fuel pipeline operator in the United States.
U.S. intelligence agencies have said the SolarWinds hack was a Russian operation, and cybersecurity experts say it was carried out by Russia’s foreign intelligence service, the SVR, rather than the GRU.
U.S. officials have previously criticized the GRU for targeting the Democratic National Committee in the 2016 election and for targeting pharmaceutical companies developing vaccines against the coronavirus.
“It’s a good reminder that the GRU remains an imminent threat,” John Hultquist, vice president of analysis at cybersecurity firm Mandiant Threat Intelligence, said in a statement Thursday.
Hultquist added that the notice was “particularly important given the upcoming Olympics, an event they may well try to disrupt.” But he also warned that “Despite our best efforts, it is highly unlikely that we will ever prevent Moscow from spying.”
Some U.S. lawmakers have called for mandatory reporting requirements for businesses affected by major hacks, ransomware attacks and other types of breaches, saying this would help the government respond to cyber intrusions more effectively.
The country’s new national cyber director, Chris Inglis, has also warned that while too many malicious actors operate with impunity in cyberspace, many private sector companies have also failed to take the necessary precautions.
“It may well be that we need to step in and we need to regulate or mandate the same way we did for the aircraft or automotive industry,” Inglis told lawmakers during his confirmation hearing last month.