Security News > 2021 > July > NSA, FBI Reveal Hacking Methods Used by Russian Military Hackers

An ongoing brute-force attack campaign targeting enterprise cloud environments has been spearheaded by the Russian military intelligence since mid-2019, according to a joint advisory published by intelligence agencies in the U.K. and U.S. The National Security Agency, Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and the U.K.'s National Cyber Security Centre formally attributed the incursions to the Russian General Staff Main Intelligence Directorate 85th Main Special Service Center.
"The campaign uses a Kubernetes cluster in brute force access attempts against the enterprise and cloud environments of government and private sector targets worldwide," CISA said.
"After obtaining credentials via brute force, the GTsSS uses a variety of known vulnerabilities for further network access via remote code execution and lateral movement."
Some of the other security flaws exploited by APT28 to pivot inside the breached organizations and gain access to internal email servers include -.
The threat actor is also said to have utilized different evasion techniques in an attempt to disguise some components of their operations, including routing brute-force authentication attempts through Tor and commercial VPN services, such as CactusVPN, IPVanish, NordVPN, ProtonVPN, Surfshark, and WorldVPN. The agencies said the attacks primarily focused on the U.S. and Europe, targeting government and military, defense contractors, energy companies, higher education, logistics companies, law firms, media companies, political consultants or political parties, and think tanks.
"Additional mitigations to ensure strong access controls include time-out and lock-out features, the mandatory use of strong passwords, implementation of a Zero Trust security model that uses additional attributes when determining access, and analytics to detect anomalous accesses."
News URL
Related news
- Russian hackers attack Western military mission using malicious drive (source)
- HellCat hackers go on a worldwide Jira hacking spree (source)
- Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices (source)
- FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches (source)