UK NCSC, US Agencies, Warn Of Russian Cyber Campaign

American and British cyber and intelligence agencies have warned of Russian military hackers targeting both the United States and Europe.

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the UK’s National Cyber Security Centre released a joint advisory for security professionals.

In the advisory, the Western agencies allege that from at least mid-2019 through early 2021, a group of hackers belonging to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (military unit 26165) has been behind an ongoing brute-force attack against hundreds of government and private sector targets worldwide.

This group of GRU hackers is also sometimes known as Fancy Bear, APT28 or Strontium.

Joint advisory

“The 85th GTsSS directed a significant amount of this activity at organisations using Microsoft Office 365 cloud services; however, they also targeted other service providers and on-premises email servers using a variety of different protocols,” said the agencies.

“These efforts are almost certainly still ongoing.”

The joint advisory from the US and UK agencies revealed the tactics, techniques and procedures used in this campaign, which targeted governments and militaries, defense contractors, energy companies, higher education, logistics, law firms, media, political consultants or political parties and think tanks.

“Network defenders are encouraged to follow mitigations outlined in the advisory and, in the first instance, ensure that multi-factor authentication (MFA) is rolled out across systems,” said the UK’s NCSC.

Russian activities

The warning from the US and UK comes after Russia’s Federal Security Service (FSB) head Alexander Bortnikov said last week that Russia would work together with the United States to locate cyber criminals.

That admission came as many nations bear the brunt of cyberattacks and ransomware campaigns conducted by so-called criminal gangs located either in Russia or in parts of Eastern Europe.

The Russian pledge comes after US President Joe Biden and Russia’s President Vladimir Putin held a three-hour face-to-face meeting in Geneva last month.

Biden and Putin reportedly spent much of that face-to-face meeting talking about cybersecurity issues, with Biden warning Putin of ‘retaliation’ if Russia attacks a list of 16 ‘critical’ facilities in America.

Since 2011, the United States has said it reserves the right to retaliate with military force against a cyber attack from a hostile state.

However, this is highly unlikely against Russia.

That said, President Biden has often stated that countries such as Russia have a responsibility to tamp down on cybercrime originating in their countries.

In May, British Foreign Secretary Dominic Raab publicly warned Russia it cannot continue to shelter criminal gangs carrying out ransomware attacks on Western nations.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
