UK NCSC, US Agencies, Warn Of Russian Cyber Campaign

American and British cyber and intelligence agencies have warned of Russian military hackers targeting both the United States and Europe.

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the UK’s National Cyber Security Centre released a joint advisory for security professionals.

In the advisory, the Western agencies allege that from at least mid-2019 through early 2021, a group of hackers belonging to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (military unit 26165) has been behind an ongoing brute force campaign against hundreds of government and private sector targets worldwide.

This group of GRU hackers is also sometimes known as Fancy Bear, APT28 or Strontium.

Joint advisory

“The 85th GTsSS directed a significant amount of this activity at organisations using Microsoft Office 365 cloud services; however, they also targeted other service providers and on-premises email servers using a variety of different protocols,” said the agencies.

“These efforts are almost certainly still ongoing.”

The joint advisory from the US and UK agencies revealed the tactics, techniques and procedures used in this campaign, which targeted governments and militaries, defense contractors, energy companies, higher education, logistics, law firms, media, political consultants or political parties and think tanks.

“Network defenders are encouraged to follow mitigations outlined in the advisory and, in the first instance, ensure that multi-factor authentication (MFA) is rolled out across systems,” said the UK’s NCSC.

Russian activities

The warning from the US and UK comes after Russia’s Federal Security Service (FSB) head Alexander Bortnikov said last week that Russia would work together with the United States to locate cyber criminals.

That admission came as many nations bear the brunt of cyberattacks and ransomware campaigns conducted by so-called criminal gangs located either in Russia or parts of Eastern Europe.

The Russian pledge comes after US President Joe Biden and Russia’s President Vladimir Putin held a three-hour face-to-face meeting in Geneva last month.

Biden and Putin reportedly spent much of that face-to-face meeting talking about cybersecurity issues, with Biden warning Putin of ‘retaliation’ if Russia attacks a list of 16 ‘critical’ facilities in America.

Since 2011, the United States has said it reserves the right to retaliate with military force against a cyber attack from a hostile state.

However, this is highly unlikely against Russia.

That said, President Biden has often stated that countries such as Russia have a responsibility to tamp down on cybercrime originating in their countries.

In May, British Foreign Secretary Dominic Raab publicly warned Russia it cannot continue to shelter criminal gangs carrying out ransomware attacks on Western nations.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long-standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
