Cyber Security MOD Crown Copyright Defence Imagery duotone
Cyber

UK And US Agencies Accuse Russian Military Intelligence Of 'Brute Force' Cyber Campaign

Multiple organisations have jointly published an advisory to promote greater security in the cyber domain.

Cyber Security MOD Crown Copyright Defence Imagery duotone

British and American agencies have revealed details of "brute force" cyber methods used by Russia to target the cloud services of hundreds of government agencies, energy companies and other organisations.

A newly released advisory describes attacks by operatives linked to the Russian military intelligence agency, which has been tied to major cyberattacks abroad and efforts to disrupt the 2016 and 2020 US elections.

Russia considers cyber a space to be protected by its armed forces, although its command chain in the domain is often blurred with civilian bodies.

The US authorities consider Russia's Directorate of the General Staff (GRU) and certain subordinate units principle actors in offensive cyber and influence operations, according to the International Institute for Strategic Studies.

The British National Cyber Security Centre jointly issued the advisory 'Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments' – urging companies to bolster their defences.

In a statement, the US National Security Agency (NSA) Cybersecurity Director, Rob Joyce, said the campaign was "likely ongoing, on a global scale".

Russian Flag outside Kremlin Tower
Russia has been conducting aggressive cyber attacks against hundred of organisations worldwide, multiple agencies have said (Picture: PA).

Brute force attacks involve the automated spraying of sites with potential passwords until hackers gain access, although specific targets of the campaign were not disclosed.

The NSA says GRU-linked operatives have tried to break into networks using Kubernetes, an open-source tool originally developed by Google to manage cloud services, since at least mid-2019.

While a "significant amount" of the attempted break-ins targeted organisations using Microsoft's Office 365 cloud services, the hackers went after other cloud providers and email servers as well, the NSA said.

Joe Slowik, a threat analyst at the network-monitoring firm Gigamon, said the brute force method and lateral movement inside networks described by NSA are common among state-backed hackers and criminal ransomware gangs, allowing the GRU to blend in with other actors.

The FBI and the Cybersecurity and Infrastructure Security Agency also joined the advisory.