![\"\"](\"\/\/www.iser-br.com\/Themes\/Release\/images\/responsive\/ettelecom-default.jpg\")
An advisory released by the U.S. National Security Agency<\/a> describes attacks by operatives linked to the GRU, the Russian military intelligence agency, which has been previously tied to major cyberattacks abroad and efforts to disrupt the 2016 and 2020 American elections.
In a statement, NSA<\/a> Cybersecurity<\/a> Director Rob Joyce said the campaign was \"likely ongoing, on a global scale.\"
Brute force attacks involve the automated spraying of sites with potential passwords until hackers gain access. The advisory urges companies to adopt methods long urged by experts as common-sense cyber hygiene, including the use of multi-factor authentication and mandating strong passwords.
Issued during a devastating wave of ransomware attacks on governments and key infrastructure, the advisory does not disclose specific targets of the campaign or its presumed purpose, saying only that hackers have targeted hundreds of organizations worldwide.
The NSA says GRU-linked operatives have tried to break into networks using Kubernetes, an open-source tool originally developed by Google<\/a> to manage cloud services, since at least mid-2019 through early this year. While a \"significant amount\" of the attempted break-ins targeted organizations using Microsoft<\/a>'s Office 365 cloud services, the hackers went after other cloud providers and email servers as well, the NSA said.
The U.S. has long accused Russia of using and tolerating cyberattacks for espionage, spreading disinformation, and the disruption of governments and key infrastructure.
The Russian Embassy in Washington on Thursday \"strictly\" denied the involvement of Russian government agencies in cyberattacks on U.S. government agencies or private companies.
In a statement posted on Facebook, the embassy said, \"We hope that the American side will abandon the practice of unfounded accusations and focus on professional work with Russian experts to strengthen international information security.\"
Joe Slowik, a threat analyst at the network-monitoring firm Gigamon, said the activity described by NSA on Thursday shows the GRU has further streamlined an already popular technique for breaking into networks. He said it appears to overlap with Department of Energy reporting on brute force intrusion attempts in late 2019 and early 2020 targeting the U.S. energy and government sectors and is something the U.S. government has apparently been aware of for some time.
Slowik said the use of Kubernetes \"is certainly a bit unique, although on its own it doesn't appear worrying.\" He said the brute force method and lateral movement inside networks described by NSA are common among state-backed hackers and criminal ransomware gangs, allowing the GRU to blend in with other actors.
John Hultquist, vice president of analysis at the cybersecurity firm Mandiant, characterized the activity described in the advisory as \"routine collection against policy makers, diplomats, the military, and the defense industry.\"
\"This is a good reminder that the GRU remains a looming threat, which is especially important given the upcoming Olympics, an event they may well attempt to disrupt,\" Hultquist said in a statement.
The FBI and the Cybersecurity and Infrastructure Security Agency joined the advisory, as did the British National Cyber Security Centre.
The GRU has been repeatedly linked by U.S. officials in recent years to a series of hacking incidents. In 2018, special counsel Robert Mueller's office charged 12 military intelligence officers with hacking Democratic emails that were then released by WikiLeaks<\/a> in an effort to harm Hillary Clinton<\/a>'s presidential campaign and boost Donald Trump<\/a>'s bid.
More recently, the Justice Department announced charges last fall against GRU officers in cyberattacks that targeted a French presidential election, the Winter Olympics in South Korea and American businesses.
Unlike Russia's foreign intelligence agency SVR, which is blamed for the SolarWinds hacking campaign and is careful not to be detected in its cyber ops, the GRU has carried out the most damaging cyberattacks on record, including two on Ukraine's power grid and the 2017 NotPetya virus that caused more than $10 billion in damage globally.
GRU operatives have also been involved in the spread of disinformation related to the coronavirus pandemic, U.S. officials have alleged. And an American intelligence assessment in March says the GRU tried to monitor people in U.S. politics in 2019 and 2020 and staged a phishing campaign against subsidiaries of the Ukrainian energy company Burisma, likely to gather information damaging to President Joe Biden<\/a>, whose son had earlier served on the board.
The Biden administration in April sanctioned Russia after linking it to election interference and the SolarWinds breach.
<\/body>","next_sibling":[{"msid":84055021,"title":"RBI warns against allowing Big Tech firms into financial services","entity_type":"ARTICLE","link":"\/news\/rbi-warns-against-allowing-big-tech-firms-into-financial-services\/84055021","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[],"msid":84055041,"entity_type":"ARTICLE","title":"NSA discloses hacking methods it says are used by Russia","synopsis":"An advisory released by the U.S. National Security Agency describes attacks by operatives linked to the GRU, the Russian military intelligence agency, which has been previously tied to major cyberattacks abroad and efforts to disrupt the 2016 and 2020 American elections.","titleseo":"telecomnews\/nsa-discloses-hacking-methods-it-says-are-used-by-russia","status":"ACTIVE","authors":[],"analytics":{"comments":0,"views":252,"shares":0,"engagementtimems":1018000},"Alttitle":{"minfo":""},"artag":"AP","artdate":"2021-07-02 08:00:55","lastupd":"2021-07-02 08:03:23","breadcrumbTags":["cybersecurity","national security agency","Hillary Clinton","wikileaks","Joe Biden","google","Donald Trump","Microsoft","NSA"],"secinfo":{"seolocation":"telecomnews\/nsa-discloses-hacking-methods-it-says-are-used-by-russia"}}" data-authors="[" "]" data-category-name="" data-category_id="" data-date="2021-07-02" data-index="article_1">
- Telecom乐动扑克News
- 4分钟阅读
国家安全局披露俄罗斯黑客所使用的表示方法
咨询发布的美国国家安全局描述特工格勒乌有关的袭击,俄国军事情报机构,之前与国外主要的网络攻击和扰乱美国2016年和2020年的选举。
读到
美国发布的一个顾问国家安全局描述特工格勒乌有关的袭击,俄国军事情报机构,之前与国外主要的网络攻击和扰乱美国2016年和2020年的选举。
在一份声明中,国家安全局 网络安全主管罗伯·乔伊斯说竞选“可能持续,在全球范围内。”
蛮力攻击涉及网站的自动喷涂与潜在直到黑客获取密码。咨询专家敦促公司采取的方法长敦促网络卫生常识,包括使用多因素身份验证和授权强密码。
期间发布一场毁灭性的波ransomware袭击政府和关键基础设施、运动的顾问没有披露具体目标或其预期目标,只是说黑客针对全球数以百计的组织。
美国国家安全局说GRU-linked特工试图闯入网络使用Kubernetes,最初开发的开源工具谷歌管理云服务,至少从2019年代中期到今年年初。而“大量”的企图入侵目标组织使用微软Office 365的云服务,黑客就其他云提供商和电子邮件服务器之后,美国国家安全局说。
美国一直指责俄罗斯间谍的使用和容忍网络攻击,散布虚假信息,政府和关键基础设施的破坏。
俄罗斯驻华盛顿大使馆周四“严格”否认俄罗斯政府机构的参与网络攻击美国政府机构或私营企业。
在Facebook上发表声明,大使馆说,“我们希望美方会放弃毫无根据的指控和专注于专业的实践与俄罗斯专家合作,加强国际信息安全。”
乔Slowik威胁网络监控公司Gigamon分析师周四表示,活动被国家安全局显示了格勒乌进一步精简一个已经闯入网络的流行技术。他说这似乎重叠与能源部报告暴力入侵企图在2019年末和2020年初针对美国能源和政府部门,是美国政府显然已经意识到有一段时间了。
Slowik说使用Kubernetes“肯定是有点独特,虽然自己不出现令人担忧。”He said the brute force method and lateral movement inside networks described by NSA are common among state-backed hackers and criminal ransomware gangs, allowing the GRU to blend in with other actors.
分析的副总裁约翰•Hultquist Mandiant公司网络安全公司,描述了咨询活动中描述为“常规收集对决策者、外交官、军队和国防工业。”
“这是一个很好的提醒,格勒乌仍然是一个威胁,这是特别重要的考虑到即将到来的奥运会,一个事件他们很可能试图破坏,“Hultquist在一份声明中说。
美国联邦调查局(FBI)和网络安全基础设施安全机构加入了咨询,英国国家网络安全中心也是如此。
格勒乌一再与美国官员近年来一系列窃听事件。2018年,特别顾问罗伯特·米勒的办公室收取12与黑客的军事情报官员民主之后发布的电子邮件维基解密为了伤害希拉里•克林顿(Hillary Clinton)总统竞选和提高唐纳德·特朗普的报价。
最近,美国司法部指控去年秋天在网络攻击对格勒乌官员宣布,针对法国总统大选,冬季奥运会在韩国和美国企业。
与俄罗斯对外情报局SVR,归咎于SolarWinds黑客活动,注意不要被发现在其网络运维格勒乌已经进行了历史上最具破坏性的网络攻击,其中包括两名在2017年乌克兰的电网和NotPetya病毒全球造成了超过100亿美元的损失。
格勒乌人员也参与了虚假信息的传播相关冠状病毒大流行,美国官员声称。和美国的情报评估3月说,格勒乌试图监视人在2019年和2020年美国政治和举行钓鱼反对乌克兰能源公司的子公司Burisma,可能收集信息损害总统乔•拜登(Joe Biden),他的儿子早前在黑板上。
连接后4月拜登政府批准俄罗斯选举干扰和SolarWinds违反。
评论
现在评论 阅读评论(1)所有评论
找到这个评论进攻?
下面选择你的理由并单击submit按钮。这将提醒我们的版主采取行动