WASHINGTON, D.C. - The Federal Bureau of Investigation (FBI), National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the UK’s National Cyber Security Centre (NCSC) released a Cybersecurity Advisory today exposing malicious cyber activities by Russian military intelligence against U.S. and global organizations. The activities occurred from at least mid-2019 through early 2021.

“Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments” details how the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) has targeted hundreds of U.S. and foreign organizations using brute force access to penetrate government and private sector victim networks. The advisory reveals the tactics, techniques, and procedures (TTPs) GTsSS actors used in their campaign to exploit targeted networks, access credentials, move laterally, and collect and exfiltrate data. It also arms system administrators with the mitigations needed to counter this threat.

Get The Latest News!

Don't miss our top stories and need-to-know news everyday in your inbox.

Malicious cyber actors use brute force techniques to discover valid credentials often through extensive login attempts, sometimes with previously leaked usernames and passwords or by guessing with variations of the most common passwords. While the brute force technique is not new, the GTsSS uniquely leveraged software containers to easily scale its brute force attempts.

Article continues after sponsor message

Once valid credentials were discovered, the GTsSS combined them with various publicly known vulnerabilities to gain further access into victim networks. This, along with various techniques also detailed in the advisory, allowed the actors to evade defenses and collect and exfiltrate various information in the networks, including mailboxes.

The advisory warns system administrators that exploitation is almost certainly ongoing. Targets have been global but primarily focused on the United States and Europe. Targets include government and military, defense contractors, energy companies, higher education, logistics companies, law firms, media companies, political consultants, or political parties, and think tanks.

The FBI remains committed to investigating and gathering evidence and intelligence to attribute, pursue, and disrupt the responsible threat actors. We will continue to investigate these types of malicious actors and impose risk and consequences through all of the tools in our toolbox, including our unique authorities, so the American people can have safety, security, and confidence in our digitally connected world.

More like this:

Oct 23, 2024 - Honoring Christopher Sichra: A Veteran's Tale of Duty and Sacrifice

Oct 9, 2024 - GCHS Announces Wall Of Fame Class Of 2024

Oct 12, 2024 - Granite City High School Announces Wall of Fame Class of 2024

Jul 23, 2024 - From Middle School Dropout to the C-Suite L&C Alumnus Named New Chief Data and Technology Officer  

Oct 3, 2024 - Cross-River Crime Task Force Deployment Results in Felony Arrests; Seizure of Fentanyl, Meth, Crack Cocaine