
US, UK point fingers at Russia over large-scale brute-force attacks


APT28, a state-sponsored Russian hacking group, is conducting large-scale attacks against governments and businesses across the globe, cyber agencies from the US and UK claim.

The warning was issued in a new security advisory, published jointly by four agencies: the US National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the UK’s National Cyber Security Centre (NCSC).

According to the advisory, APT28 (also known as Fancy Bear) is working under the Russian General Staff Main Intelligence Directorate (GRU). It is allegedly using a Kubernetes cluster to conduct "widespread, distributed, and anonymized brute force access attempts against hundreds of government and private sector targets worldwide."

The advisory further states that the brute-forcing is only the first step in a multi-stage campaign: the guessed credentials provide initial access, after which the actors work towards privilege escalation and remote code execution inside the target networks.

According to the advisory, the campaign has been active for roughly two years and went largely undetected because of how the group hid the origin of its traffic. The brute-force attempts were routed through the Tor network and commercial VPN services such as Surfshark and NordVPN, so the login attempts appeared to come from many unrelated IP addresses rather than from a single attacker.

The group also spread the attempts across several authentication protocols, including HTTPS, IMAP, POP3 and NTLM, so no single service saw a steady stream of failures from one source. Detection rules that count failed logins per IP address or per service therefore see only a handful of attempts each, which made the activity harder to spot.
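One way a defender can catch this pattern is to aggregate failed logins per target account across all source addresses and protocols instead of per source. The following is an added example written for this article, not code from the advisory or from TechRadar; the log line format, field names, thresholds and the sample log lines are all constructed for the demo and are assumptions, not data from the campaign.

```python
"""Detect distributed, multi-protocol credential brute forcing in auth logs.

Added example for this article (not from the NSA/CISA/FBI/NCSC advisory).
The unified log format below is hypothetical:
    <ISO-8601 time> <protocol> auth_<success|failure> user=<name> src=<ip>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not captured traffic). "alice" is hit from six
# different addresses over four protocols, each address trying only once or
# twice; "bob" is a user mistyping a password; "carol" is a single failure.
SAMPLE_LOG = """\
2021-07-01T10:00:01Z IMAP  auth_failure user=alice src=203.0.113.10
2021-07-01T10:03:12Z POP3  auth_failure user=alice src=198.51.100.7
2021-07-01T10:07:45Z HTTPS auth_failure user=alice src=192.0.2.44
2021-07-01T10:11:03Z NTLM  auth_failure user=alice src=203.0.113.77
2021-07-01T10:16:30Z IMAP  auth_failure user=alice src=198.51.100.200
2021-07-01T10:16:31Z IMAP  auth_failure user=alice src=198.51.100.200
2021-07-01T10:22:09Z HTTPS auth_failure user=alice src=192.0.2.130
2021-07-01T10:30:00Z HTTPS auth_failure user=bob   src=203.0.113.5
2021-07-01T10:30:04Z HTTPS auth_failure user=bob   src=203.0.113.5
2021-07-01T10:30:09Z HTTPS auth_success user=bob   src=203.0.113.5
2021-07-01T13:00:00Z IMAP  auth_failure user=carol src=192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>\S+)\s+auth_(?P<result>success|failure)"
    r"\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$"
)


def parse_log(text):
    """Parse the assumed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        event = m.groupdict()
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events


def failures_per_source(events):
    """The per-IP view a lockout rule or fail2ban-style counter would see.
    Returns {src_ip: failure_count}."""
    counts = defaultdict(int)
    for e in events:
        if e["result"] == "failure":
            counts[e["src"]] += 1
    return dict(counts)


def find_distributed_bruteforce(events, window=timedelta(hours=1),
                                min_sources=5, min_protocols=2):
    """Flag accounts whose failed logins within `window` arrive from at least
    `min_sources` distinct source IPs over at least `min_protocols` protocols.

    Returns {user: {"sources": n, "protocols": [...], "last_seen": datetime}}
    with the widest qualifying window found for each flagged account.
    """
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            failures[e["user"]].append(e)

    flagged = {}
    for user, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        best = None
        # Sliding window ending at each failure for this account.
        for i, end in enumerate(evs):
            start_ts = end["ts"] - window
            in_window = [e for e in evs[: i + 1] if e["ts"] >= start_ts]
            sources = {e["src"] for e in in_window}
            protocols = {e["proto"] for e in in_window}
            if len(sources) >= min_sources and len(protocols) >= min_protocols:
                if best is None or len(sources) > best["sources"]:
                    best = {"sources": len(sources),
                            "protocols": sorted(protocols),
                            "last_seen": end["ts"]}
        if best is not None:
            flagged[user] = best
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("max failures from any single IP:", max(failures_per_source(evs).values()))
    for user, info in find_distributed_bruteforce(evs).items():
        print(f"ALERT {user}: {info['sources']} source IPs over "
              f"{', '.join(info['protocols'])} (last seen {info['last_seen']})")
```

Run stand-alone, the per-IP counter tops out at two failures per address, well below any sensible lockout threshold, while the per-account aggregation flags `alice` as targeted from six addresses over four protocols within the hour. The thresholds are starting points to tune against your own baseline; in practice the same aggregation is worth running against a list of Tor exit nodes and known VPN ranges, and combining with the advisory's primary mitigation, multi-factor authentication, so that a guessed password alone is not enough.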

“This lengthy brute force campaign to collect and exfiltrate data, access credentials and more, is likely ongoing, on a global scale,” Rob Joyce, NSA Director of Cybersecurity, told The Record.

“Net defenders should use multi-factor authentication and the additional mitigations in the advisory to counter this activity.”

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focused news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.