Leading security agencies in the US and the UK have issued a stark warning about ongoing credential brute-force campaigns run by Russian military intelligence against US and global organizations.
The activities of Russian military intelligence groups are well documented, and law enforcement agencies can usually reconstruct an attack after the fact. The initial access method is also consistent: the attackers obtain valid credentials, whether by brute-forcing them, by collecting leaked usernames and passwords, or simply by guessing common passwords.
According to a joint advisory from the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the UK’s National Cyber Security Centre (NCSC), the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) is responsible for hundreds of attacks against US and foreign organizations.
“Once valid credentials were discovered, the GTsSS combined them with various publicly known vulnerabilities to gain further access into victim networks,” says the joint advisory. “This, along with various techniques also detailed in the advisory, allowed the actors to evade defenses and collect and exfiltrate various information in the networks, including mailboxes.”
The joint advisory is meant to warn system administrators that the attacks are likely still ongoing. The GTsSS targets a broad range of sectors, including government and military organizations, defense contractors, energy companies, higher education, logistics companies, law firms, media companies, political consultants and political parties, among others.
The agencies published a comprehensive list of indicators of compromise along with mitigations. Since the GTsSS campaign relies heavily on brute-force credential guessing, multi-factor authentication is the single most effective mitigation: a guessed or leaked password alone no longer grants access. The advisory also recommends account lock-out and time-out features that limit how many guesses an attacker can make against each account, since brute-force attempts that are spread across many accounts and many source addresses can otherwise stay below per-account alerting thresholds.
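The two brute-force patterns the advisory describes (one source guessing against many accounts, and one account being guessed from many anonymised sources) are easy to miss with a simple per-account failure counter. The following detector, added here as an illustrative example and not code from the advisory or the article, runs both checks over a constructed authentication log and additionally flags a success that follows a burst of failures, which is the event most worth paging on. The log format, field names and thresholds are assumptions chosen for the example and should be adapted to the real log source.

```python
"""Detect brute-force and password-spraying patterns in authentication logs.

Added example, not from the advisory or the article. The log format below is a
constructed, simplified one: "<ISO timestamp> <OK|FAIL> user=<name> src=<ip>".
All thresholds are assumptions to tune per environment.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Two patterns are embedded:
#  1. 203.0.113.5 fails once against each of six accounts in seconds
#     (password spraying: many accounts, few guesses each).
#  2. account 'jdoe' fails from five different sources within two minutes,
#     then succeeds from the last one (distributed brute force that worked).
# 'alice' mistyping her password once from her own address is the benign case.
SAMPLE_LOG = """\
2021-07-01T10:00:01Z FAIL user=alice src=203.0.113.5
2021-07-01T10:00:02Z FAIL user=bob src=203.0.113.5
2021-07-01T10:00:03Z FAIL user=carol src=203.0.113.5
2021-07-01T10:00:04Z FAIL user=dave src=203.0.113.5
2021-07-01T10:00:05Z FAIL user=erin src=203.0.113.5
2021-07-01T10:00:06Z FAIL user=frank src=203.0.113.5
2021-07-01T10:00:07Z FAIL user=jdoe src=198.51.100.10
2021-07-01T10:00:30Z FAIL user=jdoe src=198.51.100.11
2021-07-01T10:01:00Z FAIL user=jdoe src=198.51.100.12
2021-07-01T10:01:30Z FAIL user=jdoe src=198.51.100.13
2021-07-01T10:02:00Z FAIL user=jdoe src=198.51.100.14
2021-07-01T10:02:30Z OK user=jdoe src=198.51.100.14
2021-07-01T10:05:00Z FAIL user=alice src=192.0.2.77
2021-07-01T10:05:10Z OK user=alice src=192.0.2.77
"""

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")

# Event tuple layout: (timestamp, result, user, src)
TIME, RESULT, USER, SRC = 0, 1, 2, 3


def parse_log(text):
    """Parse the constructed format into time-sorted event tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of crashing the detector
        ts, result, user, src = m.groups()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), result, user, src))
    return sorted(events)


def _burst_keys(events, group_by, count_distinct, window, threshold):
    """Sliding-window detector over failed logins.

    Groups FAIL events by the field at index `group_by`; within any span of
    length `window` counts distinct values of the field at `count_distinct`.
    Returns {group_value: max_distinct_seen} for groups reaching `threshold`.
    """
    fails = defaultdict(list)
    for ev in events:
        if ev[RESULT] == "FAIL":
            fails[ev[group_by]].append(ev)
    hits = {}
    for key, evs in fails.items():  # evs is time-sorted because events is
        start, best = 0, 0
        for end in range(len(evs)):
            while evs[end][TIME] - evs[start][TIME] > window:
                start += 1  # shrink the window from the left
            best = max(best, len({e[count_distinct] for e in evs[start:end + 1]}))
        if best >= threshold:
            hits[key] = best
    return hits


def detect_password_spraying(events, window=timedelta(minutes=10), min_accounts=5):
    """One source failing against many distinct accounts."""
    return _burst_keys(events, SRC, USER, window, min_accounts)


def detect_distributed_bruteforce(events, window=timedelta(minutes=10), min_sources=4):
    """One account failing from many distinct sources (the shape an anonymised,
    cluster-driven campaign produces; per-source counters never fire)."""
    return _burst_keys(events, USER, SRC, window, min_sources)


def detect_success_after_burst(events, window=timedelta(minutes=10), min_failures=3):
    """A successful login preceded by a burst of failures for the same account:
    returns [(user, src, failures_in_window)]. This is the page-worthy signal."""
    suspicious = []
    for i, (ts, result, user, src) in enumerate(events):
        if result != "OK":
            continue
        prior = [e for e in events[:i]
                 if e[USER] == user and e[RESULT] == "FAIL" and ts - e[TIME] <= window]
        if len(prior) >= min_failures:
            suspicious.append((user, src, len(prior)))
    return suspicious


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("spraying sources:", detect_password_spraying(evs))
    print("accounts under distributed brute force:", detect_distributed_bruteforce(evs))
    print("successes after failure bursts:", detect_success_after_burst(evs))
```

On the sample, the spraying check flags 203.0.113.5 (six accounts in six seconds), the distributed check flags jdoe (five sources in two minutes), and the success check flags jdoe's login from 198.51.100.14, while alice's single typo followed by a successful login from the same address is not reported. When adapting this to a real log source, widen the window and raise the thresholds for noisy services, and feed the flagged sources into the lock-out or deny-list controls the advisory recommends.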