"Russia-based APT28 Linked to Mass Brute Force Attacks Against Cloud Networks"

Many cyber espionage campaigns have been linked to Russian hackers. Federal agencies of the U.S. and the U.K. recently warned about a series of brute force attacks executed by the Russia-based APT28 cybercriminal group. The agencies' joint report revealed that the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, used a Kubernetes cluster to carry out a series of brute force attacks against private and public entities worldwide from mid-2019 to early 2021. APT28 is also tracked under several other names, including Fancy Bear, Sednit, Tsar Team, and STRONTIUM. The APT28 threat actors launched brute force attacks against organizations that use Microsoft Office 365 cloud services. A brute force attack uses trial and error to guess usernames and passwords in order to gain access to a targeted system; through this type of attack, hackers can steal users' private data, such as email account credentials. The threat actors were also found to have exploited publicly known vulnerabilities in Microsoft Exchange servers to achieve remote code execution and gain privileged access to targeted networks. They routed their activity through the Tor network and commercial VPN services, such as IPVanish, CactusVPN, WorldVPN, NordVPN, ProtonVPN, and Surfshark, to conceal its origin. Primary targets include government and military organizations, defense contractors, energy companies, law firms, media firms, and others. This article continues to discuss recent activities performed by APT28 threat actors and how to mitigate brute force attacks.
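As an added defensive illustration (not code from the CISO MAG article or the joint advisory), the following Python flags the two failed sign-in patterns that a cloud credential guessing campaign of this kind leaves in authentication logs: one source IP failing against many accounts (password spraying) and one account failing from many source IPs (guessing distributed across cluster nodes and VPN or Tor exits). The event format, the thresholds and the sample values are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of cloud sign-in events: (timestamp, account, source IP, success).
SAMPLE_EVENTS = [
    ("2021-03-01T09:00:01", "alice@example.org", "198.51.100.7", False),
    ("2021-03-01T09:00:04", "bob@example.org", "198.51.100.7", False),
    ("2021-03-01T09:00:09", "carol@example.org", "198.51.100.7", False),
    ("2021-03-01T09:00:15", "dave@example.org", "198.51.100.7", False),
    ("2021-03-01T09:00:20", "erin@example.org", "198.51.100.7", False),
    ("2021-03-01T09:01:00", "erin@example.org", "198.51.100.7", True),   # guess succeeded
    ("2021-03-01T09:05:00", "frank@example.org", "203.0.113.10", False),
    ("2021-03-01T09:05:30", "frank@example.org", "203.0.113.11", False),
    ("2021-03-01T09:06:00", "frank@example.org", "203.0.113.12", False),
    ("2021-03-01T09:06:30", "frank@example.org", "203.0.113.13", False),
    ("2021-03-01T10:30:00", "alice@example.org", "192.0.2.5", False),     # lone typo
    ("2021-03-01T10:30:20", "alice@example.org", "192.0.2.5", True),
]

def _flag(events, group_key, distinct_key, window, threshold):
    """Group failed sign-ins by group_key(user, ip) and flag a group when the
    failures inside any sliding `window` touch at least `threshold` distinct
    values of distinct_key(user, ip). Returns {group: sorted distinct values}."""
    failures = defaultdict(list)
    for ts, user, ip, ok in sorted(events):
        if not ok:
            failures[group_key(user, ip)].append(
                (datetime.fromisoformat(ts), distinct_key(user, ip)))
    flagged = {}
    for key, items in failures.items():
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # slide the window forward past stale failures
            distinct = {d for _, d in items[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[key] = sorted(distinct)
                break
    return flagged

def detect_password_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """One source IP failing against many accounts: password spraying."""
    return _flag(events, lambda u, ip: ip, lambda u, ip: u, window, min_accounts)

def detect_distributed_guessing(events, window=timedelta(minutes=10), min_sources=4):
    """One account failing from many source IPs (e.g. cluster nodes behind
    rotating VPN or Tor exits): distributed guessing against a single user."""
    return _flag(events, lambda u, ip: u, lambda u, ip: ip, window, min_sources)
```

A successful sign-in from a flagged source shortly after its failures (erin at 09:01 in the sample) is the event to escalate first, since it marks a guessed credential rather than a blocked attempt.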

CISO MAG reports "Russia-based APT28 Linked to Mass Brute Force Attacks Against Cloud Networks"