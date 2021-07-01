Russia used ‘brute force’ methods to guess passwords and gain access to government agencies, according to the NSA.

Russian operatives used “brute force” to acquire access to government cloud services used by hundreds of agencies, energy corporations, and other organizations, according to findings disclosed by US and UK intelligence agencies on Thursday.

The National Security Agency (NSA) of the United States issued an advisory claiming that the attacks were linked to the GRU, Russia’s military intelligence agency, which has also been linked to major international cyberattacks and attempts to sabotage the 2016 and 2020 presidential elections in the United States.

The attacks entail an automated “spraying” of potential passwords on websites until hackers get access. Companies should use common-sense cyberhygiene practices like multifactor authentication and strong passwords, according to the NSA recommendation.

See the list below for more Associated Press reporting.

The advice, which was issued during a devastating wave of ransomware assaults on governments and critical infrastructure, does not reveal the campaign’s precise targets or apparent objective, instead stating that hackers have targeted hundreds of institutions throughout the world. NSA Cybersecurity Director Rob Joyce said in a statement that the attack was “likely ongoing, on a worldwide scale.”

Since at least mid-2019 through early this year, GRU-linked agents have attempted to hack into networks using Kubernetes, an open-source program initially designed by Google to manage cloud services, according to the NSA. The hackers went after other cloud providers and email servers as well, according to the NSA. While a “substantial amount” of the attempted break-ins targeted firms utilizing Microsoft’s Office 365 cloud services, the hackers also went after other cloud providers and email servers.

Russia has long been accused by the US of using and permitting cyberattacks for espionage, disinformation, and disruption of governments and critical infrastructure. A request for comment from the Russian Embassy in Washington was not immediately returned on Thursday.

The action revealed by the NSA on Thursday, according to Joe Slowik, a security analyst at network-monitoring firm Gigamon, reveals the GRU has further streamlined an already popular technique for hacking into networks. It appears to correspond with Department of Energy reporting on brute-force intrusion efforts targeting the US energy and government sectors in late 2019 and early 2020, and is something the US government has apparently been aware of for some time, he said.

According to Slowik, the usage of Kubernetes is “definitely a bit uncommon,” however it “doesn’t appear to be concerning on its own.” He mentioned the brute-force approach as well as lateral movement within networks. This is a condensed version of the information.