Security News > 2021 > July > NSA: Russian GRU hackers use Kubernetes to run brute force attacks
The National Security Agency warns that Russian nation-state hackers are conducting brute force attacks to access US networks and steal email and files.
In a new advisory released today, the NSA states that the Russian GRU's 85th Main Special Service Center, military unit 26165, has been using a Kubernetes cluster since 2019 to perform password spray attacks on US and foreign organizations, including the US government and Department of Defense agencies.
The brute force attacks target cloud services, such as Microsoft 365, to compromise accounts that are then used in conjunction with known vulnerabilities to gain initial access to corporate and government networks.
The NSA says that once they gain access, they will spread laterally through the network while deploying a reGeorg web shell for persistence, harvesting other credentials, and stealing files.
"The NSA does not publicly share details on victims of foreign malicious cyber activity." - NSA. A complete list of TTPs, including a Yara rule to detect the reGeorg variant web shell, can be found in the NSA's cybersecurity advisory,.
"This lengthy brute force campaign to collect and exfiltrate data, access credentials and more, is likely ongoing, on a global scale," said Rob Joyce, NSA's Director of Cybersecurity, in a statement.
News URL
Related news
- Chinese hackers targeted sanctions office in Treasury attack (source)
- Russian ISP confirms Ukrainian hackers "destroyed" its network (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- How Russian hackers went after NGOs’ WhatsApp accounts (source)
- EU sanctions Russian GRU hackers for cyberattacks against Estonia (source)
- E.U. Sanctions 3 Russian Nationals for Cyber Attacks Targeting Estonia’s Key Ministries (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- Russian military hackers deploy malicious Windows activators in Ukraine (source)