Security News > 2021 > July > Russians Used Brute Force Attacks Against Hundreds of Orgs: Security Agencies

Security agencies in the United States and United Kingdom issued an advisory on Thursday to warn organizations about an ongoing global campaign involving brute force techniques.

According to the agencies, brute-force access attempts have been used against hundreds of organizations worldwide, particularly in the United States and Europe.

"Malicious cyber actors use brute force techniques to discover valid credentials often through extensive login attempts, sometimes with previously leaked usernames and passwords or by guessing with variations of the most common passwords. While the brute force technique is not new, the GTsSS uniquely leveraged software containers to easily scale its brute force attempts," the agencies said.

The campaign, which appears to have started in mid-2019, has leveraged a Kubernetes clustered to conduct what has been described as "Widespread, distributed and anonymized brute force access attempts." While some of these attempts were served directly from nodes in this cluster, in most cases the attacks went through the Tor network and various commercial VPN services.

The brute force attacks have been combined with exploitation of known vulnerabilities, such as the Microsoft Exchange flaws that have been leveraged in many attacks over the past months.

The agencies said much of the brute force activity was aimed at organizations using Microsoft 365 cloud services, but the hackers also targeted other service providers, as well as on-premises email servers.

News URL

http://feedproxy.google.com/~r/securityweek/~3/nF-Sp2Q_JpQ/security-agencies-russian-cyberspies-used-brute-force-against-hundreds-orgs