Moscow's Fancy Bear group has been guessing passwords all this time.
The discovery of Russia's malicious SolarWinds campaign drew attention to Moscow's sophisticated supply chain hacking techniques. But it is now clear that throughout the SolarWinds spying and its aftermath, another group of Kremlin hackers, using basic but often effective techniques, has kept up its routine against nearly any vulnerable network across the United States and the wider internet.
On Thursday, the National Security Agency, FBI, DHS and the UK's National Cyber Security Centre issued a joint advisory warning of hundreds of brute-force intrusion attempts around the world, all carried out by Unit 26165 of Russia's GRU military intelligence agency, known as Fancy Bear or APT28. The hacking campaign targeted a wide range of organizations, including government and military bodies, defense contractors, political parties and consultancies, logistics companies, energy companies, universities, law firms, and media companies. In other words, almost every sector of interest on the internet.
The hacking campaign used relatively simple techniques against those targets: mass guessing of usernames and passwords to gain initial access. But the cybersecurity agencies warn that the Fancy Bear campaign has nonetheless successfully breached several entities and exfiltrated emails, and that it is far from over. Rob Joyce, the NSA's director of cybersecurity, wrote in a statement accompanying the detailed advisory that it is likely still continuing. Unlike the SolarWinds hackers, Fancy Bear has a very destructive hacking history: it was behind the hacks that targeted everyone from the Democratic National Committee and the Clinton campaign in 2016 to the International Olympic Committee and the World Anti-Doping Agency. “But there is still no reason to believe that the goals of this effort go beyond conventional espionage,” said John Hultquist, vice president of security at Mandiant and a longtime tracker of the GRU.
“These intrusions are not necessarily the destructive operations we think of when we think of the GRU.” But that does not mean the hacking campaign is unimportant. He described the joint advisory, which lists IP addresses and malware used by the hackers, as an attempt to add “friction” to a successful hacking operation. “It's a good reminder that the GRU is still out there doing this kind of activity, and it seems to be focused more on classic espionage targets like policymakers, diplomats, and the defense industry.”
The energy targets of this hacking campaign raise another red flag, especially considering that another GRU hacking team, Sandworm, remains the only hackers ever to have caused real blackouts, with its sabotage of Ukrainian power utilities in 2015 and 2016. And in early 2020, hackers were found to have targeted a US energy company just before Christmas 2019; IP addresses in that advisory subsequently matched those of GRU Unit 26165, as WIRED first reported last year. “I always get worried when I see the GRU in the energy sector,” says Hultquist. “It is important to remember that Russia is an oil country. They are very interested in the energy sector. That will be part of their intelligence requirements.”
The GRU's brute-force hacking could also be “opportunistic,” says Slowik. “The team might be getting easy access to any network it can, then handing it to other Kremlin hackers with more specific tasks, such as espionage or disruption, before that access is cut off,” he said. “They have a mission: go and gain access to the organizations we care about. Then they sit on it, or pass it to the parties that can make the most of each intrusion.”
Slowik says the scope of the campaign shows how the GRU is scaling up its access efforts. For example, the advisory notes that the hackers used Kubernetes, a virtualization and automation tool, in what appears to be a new trick for more efficiently spinning up the virtual machines used in the password-guessing attempts. Slowik adds that by sticking to the simple techniques used by both state-sponsored hackers and ordinary cybercriminals, the GRU's hacking remains somewhat “deniable.” Had the government advisory not tied it to the GRU, there would be little evidence from which network operators could distinguish this probing from any other hacking attempt.
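The technique the advisory describes, mass guessing of usernames and passwords with the source addresses rotated through freshly spun-up virtual machines, leaves a recognizable shape in authentication logs. The detector below is an added example, not code from the WIRED story, the joint advisory, or any of the agencies involved. It assumes a simple constructed log format (`<time> src=<ip> user=<name> result=OK|FAIL`), uses documentation-range IP addresses and made-up usernames as sample input, and picks its thresholds arbitrarily. It flags two patterns: a single source failing against many distinct accounts, and the rotating-source case, where each address stays under the per-source threshold but together they sweep many accounts inside one short window.

```python
"""Password-spray detection over constructed authentication log lines.

Added illustration, not from the WIRED story or the joint advisory.
Log format, field names, sample addresses and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log: one noisy source (203.0.113.5) trying six accounts,
# six rotating sources (198.51.100.10-15) each trying one account, and a
# legitimate user who mistypes once from 192.0.2.77 and then logs in.
SAMPLE_LOG = """\
2021-07-01T09:00:01Z src=203.0.113.5 user=alice result=FAIL
2021-07-01T09:00:03Z src=203.0.113.5 user=bob result=FAIL
2021-07-01T09:00:05Z src=203.0.113.5 user=carol result=FAIL
2021-07-01T09:00:07Z src=203.0.113.5 user=dave result=FAIL
2021-07-01T09:00:09Z src=203.0.113.5 user=erin result=FAIL
2021-07-01T09:00:11Z src=203.0.113.5 user=frank result=FAIL
2021-07-01T09:01:00Z src=198.51.100.10 user=grace result=FAIL
2021-07-01T09:01:02Z src=198.51.100.11 user=heidi result=FAIL
2021-07-01T09:01:04Z src=198.51.100.12 user=ivan result=FAIL
2021-07-01T09:01:06Z src=198.51.100.13 user=judy result=FAIL
2021-07-01T09:01:08Z src=198.51.100.14 user=mallory result=FAIL
2021-07-01T09:01:10Z src=198.51.100.15 user=oscar result=FAIL
2021-07-01T09:30:00Z src=192.0.2.77 user=alice result=FAIL
2021-07-01T09:30:20Z src=192.0.2.77 user=alice result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text):
    """Parse the assumed log format into (timestamp, src, user, success) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than crash the detector
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"], m["result"] == "OK"))
    return events


def detect_spray(events, window=timedelta(minutes=5),
                 per_source_users=5, global_users=6, min_sources=3):
    """Slide a time window over failed logins and flag two spray shapes.

    noisy_sources: one address failing against >= per_source_users accounts.
    low_and_slow_sources: addresses that each stay under that threshold but,
    taken together (>= min_sources of them), hit >= global_users distinct
    accounts inside one window, the rotating-VM pattern.
    """
    failures = sorted((e for e in events if not e[3]), key=lambda e: e[0])
    noisy, low_and_slow = set(), set()
    start = 0
    for end in range(len(failures)):
        while failures[end][0] - failures[start][0] > window:
            start += 1  # drop events that fell out of the window
        users_by_src = defaultdict(set)
        for _ts, src, user, _ok in failures[start:end + 1]:
            users_by_src[src].add(user)
        quiet = {}
        for src, users in users_by_src.items():
            if len(users) >= per_source_users:
                noisy.add(src)
            else:
                quiet[src] = users
        if len(quiet) >= min_sources:
            combined = set().union(*quiet.values())
            if len(combined) >= global_users:
                low_and_slow.update(quiet)
    return {
        "noisy_sources": sorted(noisy),
        "low_and_slow_sources": sorted(low_and_slow),
    }


if __name__ == "__main__":
    print(detect_spray(parse_log(SAMPLE_LOG)))
```

On the sample, the single noisy address and the six rotating addresses are both flagged, while the legitimate user's one failed attempt is not. The second check is the one that matters against an operator who spins up a fresh address for every few guesses: a per-source threshold alone would never fire, which is why the window-wide union of accounts is worth computing.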
The latest news of Russian intrusions comes after the Geneva summit between US President Joe Biden and Russian President Vladimir Putin, which was meant in part to defuse tensions over Russia's SolarWinds spying, and it is a slap in the face to those US diplomatic efforts. At the summit, Biden gave Putin a list of 16 critical US infrastructure sectors, including energy, that he said should be off-limits to any hacking.
But it is not yet clear which, if any, critical infrastructure targets the GRU's brute-force campaign may have breached, or whether those intrusions occurred before or after the summit. Regardless, Mandiant's John Hultquist believes that no meeting between Biden and Putin, or any other act of diplomacy, will end the perpetual game of cat and mouse.
“Does this mean that, whatever was said at the summit, we have already parted ways with Russia? No, there was never anything we could do to stop Moscow from spying. It just isn't going to happen. We will always live in a world where the Russians collect intelligence, and that will always include a cyber capability.”
This story first appeared on wired.com.
Russian hackers are trying to brute-force hundreds of networks