Russian military intelligence has been abusing cloud (opens in new tab) infrastructure to launch attacks against hundreds of targets worldwide, say cybersecurity (opens in new tab) agencies from the US and UK.
An advisory (opens in new tab) released by a number of agencies, including the FBI and UK National Cybersecurity Centre (NCSC), claims the Russian General Staff Main Intelligence Directorate (GRU) is conducting brute-force password attacks against both private and public sector organizations.
Previously, these attacks had been blamed on threat actors such as Fancy Bear, APT28, Strontium and others, but the security agencies now believe they are directed by a GRU unit known as GTsSS.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.
>> Click here to start the survey in a new window (opens in new tab) <<
- Protect your devices with these best antivirus (opens in new tab) software
- These are the best data loss prevention services (opens in new tab) right now
- Check our list of the best firewall apps and services (opens in new tab)
“The GTsSS directed a significant amount of this activity at organizations using Microsoft Office 365 (opens in new tab) cloud services; however, they also targeted other service providers and on-premises email (opens in new tab) servers using a variety of different protocols,” the joint advisory explains.
In their breakdown of the attacks, the agencies say GTsSS employs a Kubernetes (opens in new tab) cluster to break into private networks in order to access protected data, including email, and identify valid account credentials.
Commenting on the modus operandi, the advisory says the attackers target victims by using a combination of compromised account credentials and publicly known vulnerabilities, such as the ones recently discovered in Microsoft Exchange servers (opens in new tab).
Furthermore, to obfuscate their origin, the attackers route their brute force authentication attempts through Tor and VPN (opens in new tab) services.
The joint statement comes not long after a meeting in Geneva (opens in new tab) between US President Joe Biden and his Russian counterpart Vladimir Putin. But the agencies believe the attacks “are almost certainly still ongoing.”
- Check our list of the best cloud computing (opens in new tab) services available right now