Security News > 2020 > September > Russian Military Hackers Targeted Credentials at Hundreds of Organizations in US, UK
For the past year, Russia-linked threat actor Strontium has targeted hundreds of organizations in the United States and the United Kingdom to harvest account credentials, Microsoft reveals.
On Thursday, Microsoft published information on a newly identified Strontium campaign that focused on harvesting Office365 credentials for tens of thousands of accounts at organizations in the US and UK, many of them directly involved in political elections.
Previous credential-harvesting efforts from Strontium relied on spear-phishing, such as the attacks leading up to the 2016 US presidential election, but the new campaign employed brute-force/password-spray tooling instead. The shift in tactics was observed for other nation-state actors as well, as it makes attacks more difficult to attribute.
"STRONTIUM's tooling alternates its authentication attempts amongst this pool of IPs approximately once per second. Considering the breadth and speed of this technique, it seems likely that STRONTIUM has adapted its tooling to use an anonymizer service to obfuscate its activity, evade tracking, and avoid attribution," Microsoft explains.
Strontium, Microsoft also reveals, is only one of the state-sponsored hacking groups targeting election-related organizations in the US and the UK. The China-linked Zirconium and Iran-backed Phosphorus groups were also observed engaging in such activities recently.
News URL
Related news
- Faraway Russian hackers breached US organization via Wi-Fi (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian Espionage Group Targets Ukrainian Military with Malware via Telegram (source)
- US says Chinese hackers breached multiple telecom providers (source)
- Russian hackers deliver malicious RDP configuration files to thousands (source)
- Hackers steal 15,000 cloud credentials from exposed Git config files (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- US warns of last-minute Iranian and Russian election influence ops (source)
- US indicts Snowflake hackers who extorted $2.5 million from 3 victims (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)