US and UK agencies accuse Russia of political cyber-campaign

US and UK intelligence agencies have accused Russian military hackers of being behind an ongoing cyber campaign to steal emails and other information, including from parliaments.

The campaign is mainly focused on the United States and Europe.

There are said to be hundreds of targets around the world, including British political parties.

The same group allegedly stole and leaked Democratic emails during the 2016 US presidential election.

According to the United States, the group belongs to the GRU’s 85th Main Special Service Center, sometimes called Fancy Bear, APT28, or Strontium.

One of the most recent targets was the Norwegian Parliament in the summer of 2020.

Microsoft previously said that the same campaign was aimed at US and UK organizations that were directly involved in political elections, including UK parties.

The campaign is said to have started in mid-2019 and is “almost certainly” still ongoing. It was primarily aimed at organizations using Microsoft Office 365 cloud services, but also other service providers.

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the UK National Center for Cybersecurity have released a joint notice accusing Russian GRU Unit 26165 of being behind what is described as a global campaign “to compromise enterprise and cloud environments”.

“This lengthy brute force campaign to collect and exfiltrate data, credentials and more is likely to continue on a global scale,” said Rob Joyce, NSA director of cybersecurity.

Brute force
The attack is relatively straightforward: the hackers make repeated login attempts with different passwords until one gives them access to a system.

It is alleged that they used special software to scale up this effort and used Virtual Private Networks and Tor, an anonymization system, to try to hide their activity.

In its September 2020 warning about the group, Microsoft said the group used 1,000 IP addresses in constant rotation.

Once inside, Russian hackers reportedly stole data, including email, as well as other credentials so they could dig deeper.

Microsoft previously said that targeted organizations typically saw more than 300 login attempts per hour against each targeted account, over several hours or days.

The United States encourages those responsible for protecting computer systems to review their systems for signs of compromise.

They say the most effective way to deal with the threat is multi-factor authentication, which should be used for login and which adds something that cannot be guessed in brute-force access attempts.

In addition to a password, multi-factor authentication also uses other information, such as a number that is sent to a phone via SMS.

They also suggest locking accounts if too many wrong guesses are made at a password.
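
For defenders reviewing authentication logs, the pattern described above (more than 300 attempts per hour against one account, spread over rotating IP addresses) can be checked by counting failures per account rather than per source address. The following is an added example, not code from the advisory or from Microsoft; the event format, account names and IP addresses are constructed for illustration.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)
THRESHOLD = 300  # article's figure: more than 300 attempts per hour per account

def detect_bruteforce(events, threshold=THRESHOLD, window=WINDOW):
    """events: time-sorted (timestamp, account, source_ip, success) tuples.
    Failures are counted per account, not per source IP, so rotating
    addresses does not reset the count."""
    recent = defaultdict(deque)   # account -> failed (timestamp, ip) within window
    alerts = {}
    for ts, account, ip, success in events:
        q = recent[account]
        while q and ts - q[0][0] >= window:   # drop failures older than the window
            q.popleft()
        if success:
            if account in alerts:             # a login succeeded after guessing was flagged
                alerts[account]["success_after_alert"] = True
            continue
        q.append((ts, ip))
        if len(q) > threshold:
            a = alerts.setdefault(account, {"first_alert": ts, "peak": 0,
                                            "distinct_ips": 0,
                                            "success_after_alert": False})
            a["peak"] = max(a["peak"], len(q))
            a["distinct_ips"] = max(a["distinct_ips"], len({i for _, i in q}))
    return alerts

def busiest_ip_failures(events, account):
    """Most failures any single IP produced against the account (whole log)."""
    c = Counter(ip for _, acct, ip, ok in events if acct == account and not ok)
    return max(c.values(), default=0)

def sample_events():
    """Constructed sample log (documentation IP ranges), not real data."""
    start = datetime(2021, 7, 1, 9, 0, 0)
    ev = [(start + timedelta(seconds=10 * i), "alice",
           f"198.51.100.{i % 250 + 1}", False) for i in range(720)]
    ev.append((start + timedelta(hours=2), "alice", "198.51.100.251", True))
    ev += [(start + timedelta(minutes=m), "bob", "203.0.113.7", False) for m in range(5)]
    ev.append((start + timedelta(minutes=6), "bob", "203.0.113.7", True))
    return sorted(ev)

if __name__ == "__main__":
    events = sample_events()
    for account, info in detect_bruteforce(events).items():
        print(account, info, "busiest single IP:", busiest_ip_failures(events, account))
```

In the constructed log no single address fails more than three times, so a per-IP threshold would stay silent while the per-account count is exceeded. A successful login on a flagged account is the case to review first for signs of compromise.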
