Techrecipe

US intelligence agency warns of brute force attack by Russian government hackers

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the UK's National Cyber Security Centre (NCSC) have jointly warned that hackers from the Russian military intelligence agency GRU are continuing brute force attacks against government and private entities around the world.

The agencies, including the NSA, jointly warned that since at least mid-2019, Unit 26165 of the GRU's 85th Main Special Service Center (GTsSS) has been conducting brute force attacks against organizations around the world from a Kubernetes cluster. Kubernetes is an open source container orchestration system for deploying, scaling and managing containerized applications, and a Kubernetes cluster is a set of node systems running it. Unit 26165 routes the brute force attacks launched from this cluster through various commercial VPN services (CactusVPN, IPVanish, NordVPN, ProtonVPN, Surfshark, WorldVPN) to obfuscate their origin.

The GRU's attack procedure is to first run a brute force attack from the Kubernetes cluster to find valid credentials, and then use the obtained credentials together with known vulnerabilities, such as remote code execution vulnerabilities in Exchange servers, to penetrate government agency or corporate networks. Next, it deploys a reGeorg web shell that creates a SOCKS proxy on the internal network to maintain access, harvests additional credentials, and uses those credentials to access internal email servers.

Unit 26165 is also said to have conducted brute force attacks without VPN services from November 2020 to March 2021. In that period, attacks against US government and military organizations, political consultants, political parties, defense contractors, energy companies, logistics companies, think tanks, higher education institutions, law firms, media companies and others have been identified as coming from specific IP addresses.
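The brute force stage described above, in which one source tries many accounts until a valid credential is found, leaves a recognizable trace in authentication logs, and the advisory's point that attacks were identified from specific IP addresses rests on exactly that. The following Python is an added example, not code from the advisory or from the agencies named here: it parses constructed sample log lines in an assumed `auth=<OK|FAIL> user=... src=...` format, counts failures and distinct targeted accounts per source address, and flags a source that fails across many accounts and then succeeds on one. Thresholds and the log format are assumptions for illustration.

```python
import re
from collections import defaultdict

# Assumed log format for this example (not the advisory's):
#   <timestamp> auth=<OK|FAIL> user=<name> src=<ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+auth=(?P<result>OK|FAIL)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$"
)

# Constructed sample lines: 203.0.113.10 sprays many accounts and finally
# guesses one; 198.51.100.7 is an ordinary user mistyping a password once.
SAMPLE_LOG = """\
2021-03-01T10:00:01Z auth=FAIL user=alice src=203.0.113.10
2021-03-01T10:00:02Z auth=FAIL user=bob src=203.0.113.10
2021-03-01T10:00:03Z auth=FAIL user=carol src=203.0.113.10
2021-03-01T10:00:04Z auth=FAIL user=dave src=203.0.113.10
2021-03-01T10:00:05Z auth=FAIL user=erin src=203.0.113.10
2021-03-01T10:00:06Z auth=OK user=erin src=203.0.113.10
2021-03-01T10:01:00Z auth=FAIL user=frank src=198.51.100.7
2021-03-01T10:01:05Z auth=OK user=frank src=198.51.100.7
"""


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize_by_source(lines):
    """Per source IP: failure count, set of accounts that failed, and accounts
    that later succeeded from the same source after failing (likely guessed)."""
    stats = defaultdict(
        lambda: {"failures": 0, "failed_users": set(), "successes_after_failures": []}
    )
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the detector
        s = stats[rec["src"]]
        if rec["result"] == "FAIL":
            s["failures"] += 1
            s["failed_users"].add(rec["user"])
        elif rec["user"] in s["failed_users"]:
            s["successes_after_failures"].append(rec["user"])
    return stats


def detect_brute_force(lines, fail_threshold=5, user_threshold=3):
    """Flag sources with many failures spread over many distinct accounts.
    A single user retrying their own password does not trip the thresholds."""
    alerts = {}
    for src, s in summarize_by_source(lines).items():
        if s["failures"] >= fail_threshold and len(s["failed_users"]) >= user_threshold:
            alerts[src] = {
                "failures": s["failures"],
                "distinct_users": len(s["failed_users"]),
                # accounts whose password was apparently guessed from this source
                "compromised": sorted(set(s["successes_after_failures"])),
            }
    return alerts


if __name__ == "__main__":
    for src, info in detect_brute_force(SAMPLE_LOG.splitlines()).items():
        print(src, info)
```

The `compromised` list is the item worth acting on: a success following a run of failures across accounts from the same source is the moment the first step of the procedure above has succeeded, and those accounts need a password reset and a review of what the session did afterwards. Because the GRU campaign routed attempts through commercial VPN services, the same source-based logic should be applied to VPN exit addresses as well as to raw IPs.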

According to the NSA and the other agencies, the GTsSS cyber attack unit is also known as APT28, Fancy Bear and Strontium. In August 2020, the NSA warned that malicious tools made by Fancy Bear threaten national security. Related information can be found here.

lswcap

From the era of the monthly magazines AHC PC and HowPC, through online IT media such as ZDNet, as Internet manager at an electronic newspaper, editor of Consumer Journal Ivers, publisher of TechHolic and editor of Venture Square, he has watched the 'age of technology'. I am curious about this market that is still full of vitality.
