Security News > 2020 > September > Russian Military Hackers Targeted Credentials at Hundreds of Organizations in US, UK
For the past year, Russia-linked threat actor Strontium has targeted hundreds of organizations in the United States and the United Kingdom to harvest account credentials, Microsoft reveals.
On Thursday, Microsoft published information on a newly identified Strontium campaign that focused on harvesting Office365 credentials for tens of thousands of accounts at organizations in the US and UK, many of them directly involved in political elections.
Previous credential-harvesting efforts from Strontium relied on spear-phishing, such as the attacks leading up to the 2016 US presidential election, but the new campaign employed brute-force/password-spray tooling instead. The shift in tactics was observed for other nation-state actors as well, as it makes attacks more difficult to attribute.
"STRONTIUM's tooling alternates its authentication attempts amongst this pool of IPs approximately once per second. Considering the breadth and speed of this technique, it seems likely that STRONTIUM has adapted its tooling to use an anonymizer service to obfuscate its activity, evade tracking, and avoid attribution," Microsoft explains.
Strontium, Microsoft also reveals, is only one of the state-sponsored hacking groups targeting election-related organizations in the US and the UK. The China-linked Zirconium and Iran-backed Phosphorus groups were also observed engaging in such activities recently.
News URL
Related news
- Poland says Russian military hackers target its govt networks (source)
- Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting (source)
- APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data (source)
- LockBit ransomware admin identified, sanctioned in US, UK, Australia (source)
- LockBit leader unmasked: US charges Russian national (source)
- Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator (source)
- Russian hackers use new Lunar malware to breach a European govt's agencies (source)
- Chinese hackers hide on military and govt networks for 6 years (source)
- Russian indicted for selling access to US corporate networks (source)
- US sanctions 12 Kaspersky Lab execs for working in Russian tech sector (source)