Russian Military Hackers Have Been On a Worldwide Password Guessing Spree


An elite team of hackers connected to Russian military intelligence has been using brute force attacks to target hundreds of organisations throughout the world, according to officials with U.S. and U.K. security agencies.

A joint advisory published Thursday says that military unit 26165, also known by its moniker “Fancy Bear,” has been conducting “widespread, distributed, and anonymised brute force access attempts against hundreds of government and private sector targets.” Those targets have apparently included a wide array of military organisations, defence contractors, energy companies, political parties and consultants, media companies and more.

The attacks in question seem to have started sometime around mid-2019 and have continued through early 2021, the advisory states. “These efforts are almost certainly still ongoing,” it adds.

Thursday’s advisory comes from the National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency and the U.K.’s National Cyber Security Centre.

Brute force attacks are a common form of cyberattack that involves rapid-fire password guessing as a method to gain entry into online accounts. Hackers will deploy automated software that can fly through millions of possible matches per second.

The hackers are combining the brute force campaign with known vulnerabilities in an effort to gain access to organisations and push further into networks, the advisory states.

Unit 26165/Fancy Bear, which operates out of the Russian General Staff Main Intelligence Directorate (GRU), has been linked to a number of other high-profile cyberattacks in the past. The same group is believed to have been responsible for the attacks on the Democratic National Committee and the Hillary Clinton campaign in 2016, and is commonly known to go after Western political and military targets.

The news of the campaign comes less than two weeks after President Biden had his first meeting with Russian leader Vladimir Putin — a meeting that allegedly was “good” and “positive.” Apparently not positive enough for the two countries to call a cyber-truce between their military services, however.

“Network managers should adopt and expand usage of multi-factor authentication to help counter the effectiveness of this capability,” the advisory warns. “Additional mitigations to ensure strong access controls include time-out and lock-out features, the mandatory use of strong passwords, implementation of a Zero Trust security model that uses additional attributes when determining access, and analytics to detect anomalous accesses.”
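Because the attempts are described as distributed and anonymised, a lock-out counter keyed on source address may never trip. The sketch below is an added example, not code from the advisory or this article: it contrasts a per-source count with a per-account sliding window over constructed login events. The event format, thresholds and function names are assumptions.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source_ip, username, outcome).
# Addresses are RFC 5737 documentation ranges; none come from the advisory.
EVENTS = (
    [(1000 + 60 * i, f"198.51.100.{i + 1}", "svc-mail", "fail") for i in range(12)]
    + [(1800, "198.51.100.77", "svc-mail", "success")]
    + [(1000 + 5 * i, "203.0.113.9", "alice", "fail") for i in range(3)]
    + [(1020, "203.0.113.9", "alice", "success")]
)

def per_source_alerts(events, max_fail_per_source=5):
    """Lock-out style view: sources whose failure count exceeds a threshold."""
    counts = defaultdict(int)
    for _, src, _, outcome in events:
        if outcome == "fail":
            counts[src] += 1
    return sorted(s for s, n in counts.items() if n > max_fail_per_source)

def distributed_guessing(events, window_s=3600, min_failures=10, min_sources=5):
    """Per-account view: many failures from many sources inside one window."""
    fails = defaultdict(list)
    for ts, src, user, outcome in sorted(events):
        if outcome == "fail":
            fails[user].append((ts, src))
    findings = {}
    for user, items in fails.items():
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans at most window_s.
            while items[end][0] - items[start][0] > window_s:
                start += 1
            window = items[start:end + 1]
            sources = {src for _, src in window}
            if len(window) >= min_failures and len(sources) >= min_sources:
                since = findings.get(user, {}).get("since", window[0][0])
                findings[user] = {"failures": len(window),
                                  "sources": len(sources), "since": since}
    return findings

def success_after_guessing(events, findings):
    """Successful logins to flagged accounts once guessing began: review and reset."""
    return sorted({(u, s) for ts, s, u, o in events
                   if o == "success" and u in findings and ts >= findings[u]["since"]})
```

On the sample data the per-source view reports nothing, while the per-account view flags `svc-mail` and the later successful login to it; the user who mistyped a password three times from one address is not flagged.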