U.S. and British security agencies have exposed “brute force” methods they say have been used by the Russian military-intelligence agency known as the GRU to conduct malicious cyberactivities against hundreds of government and private organizations.
In an advisory released on July 1, the U.S. National Security Agency described cyberattacks carried out by operatives of the GRU, which has been accused of involvement in attempts to disrupt U.S. presidential elections in 2016 and 2020, the hack in 2015 of the German Bundestag, attacks on Ukraine's power grid, and many others.
The advisory details how the GRU's 85th Main Special Services Center "has targeted hundreds of U.S. and foreign organizations using brute force access to penetrate government and private sector victim networks."
NSA Cybersecurity Director Rob Joyce said in a statement that the Russian cybercampaign, which involves hackers submitting numerous passwords in an effort to eventually guess the correct combination, was “likely ongoing, on a global scale.”
Russian officials did not immediately comment.
Cyberattacks have become a significant and growing concern after a number of intrusions into Western government and corporate networks by hackers allegedly based in Russia. Russia has repeatedly denied involvement in the hacking attacks.
The NSA said GRU-linked operatives have attempted to infiltrate networks using Microsoft's Office 365 cloud services; Kubernetes, an open-source tool originally developed by Google; and other cloud and e-mail services.
Targets include government and military, defense contractors, energy companies, higher education, logistics companies, law firms, media companies, political consultants or political parties, and think tanks, according to an NSA press release.
The agency identified the use of multifactor identification, which is not guessable during brute-force attempts, as the most effective way for entities to protect themselves from the campaign.