TEXXR

Chronicles

The story behind the story


NSA, FBI, and others say Russian hacking group Fancy Bear has been using Kubernetes to run brute force attacks on US and foreign organizations since mid-2019


The Record Catalin Cimpanu

Discussion

  • @nsacyber @nsacyber on x
    Our recent #cybersecurity advisory with @CISAgov @FBI & @NCSC publicly exposes a global brute force campaign. Exploitation is likely ongoing. Review our advisory for #IOCs and #mitigation techniques: https://www.nsa.gov/... https://twitter.com/...
  • @blaing_ B Laing on x
    “Russian GRU's 85th Main Special Service Center has been using a Kubernetes cluster since 2019 to perform password spray attacks on US and foreign organizations, including the US government and DoD agencies.” https://www.bleepingcomputer.com/ ...
  • @ncsc Ncsc Uk on x
    🚨 Our advisory exposes a two-year brute force campaign by Russia's military intelligence service, the GRU, against public & private sector targets. You can counter the risk through strong multi-factor authentication measures ⤵️ https://www.ncsc.gov.uk/... @NSACyber @CISAgov @FBI …
  • @silascutler Silas Cutler on x
    This is by far one of the most important reports I've read this year. For anyone looking to understand modern offensive capability, this is a good starting place. https://twitter.com/...
  • @quinnypig Corey Quinn on x
    “Kubernetes is what hackers use” is absolutely the hype-deflating argument I've been looking for. Sometimes you have to fight fire with different fire. https://twitter.com/...
  • @wired @wired on x
    The hacking campaign has targeted a broad swath of organizations, including government and military agencies. In other words, practically every sector of interest on the internet. https://www.wired.com/...
  • @uuallan @uuallan on x
    I explained to someone today that while Captain America can be very effective with planning and skill, so can the Hulk by just “smashing” everything. This is the latter. Excellent report by @NSACyber https://twitter.com/...
  • @zcohencnn Zachary Cohen on x
    The campaign began in mid-2019 & aspects of it have been publicly reported before but this is the first time the US government has attributed the operation to Russia's military intelligence service, the GRU. https://www.cnn.com/...
  • @a_greenberg Andy Greenberg on x
    This GRU hacking campaign looks like the one we reported on last year, by the way, after obtaining an FBI victim notification about it, speaking to one of the targets, and linking it with a Dept. of Energy alert: https://www.wired.com/... https://twitter.com/...
  • @zcohencnn Zachary Cohen on x
    US & UK officials believe the hacking campaign likely continues today. Routine intel collection is this group's “bread & butter,” per @JohnHultquist, who notes these incidents don't necessarily presage operations like hack & leak campaigns. https://www.cnn.com/...
  • @cnnpolitics @cnnpolitics on x
    Russian military hackers engaged in a campaign to compromise the passwords of people employed in sensitive jobs at hundreds of organizations worldwide including US and European government and military agencies, US and UK officials say https://www.cnn.com/...
  • @jorge_guajardo Jorge Guajardo on x
    “The hacking campaign has targeted a broad swath of organizations, including government and military agencies, defense contractors, political parties and consultancies, logistics companies, energy firms, universities, law firms, and media companies.” https://www.wired.com/...
  • @robertmlee Robert M. Lee on x
    A very well done report and just mostly excited to see this level of transparency and public reporting out of NSA. They've wanted to be here for a long time, getting the internal approvals to do things is hard, but looks like they've made significant strides https://twitter.com/…
  • @gordoncorera Gordon Corera on x
    NEW-US and UK accuse Fancy Bear - Russia's GRU - of cyber campaign, likely ongoing, targeting political parties and parliaments+defense companies, law firms, media. ‘Brute force’ guessing of passwords, often stealing emails from Microsoft Office 365 Cloud https://www.nsa.gov/...
  • @jennamc_laugh Jenna McLaughlin on x
    A group led by @NSAGov released an advisory on a Russian GRU brute-force campaign targeting victims in government, military, media companies, and more between 2019 and now. “The most effective mitigation is the use of multi-factor authentication.” https://www.nsa.gov/...
  • @johnhultquist John Hultquist on x
    Don't sleep on the GRU. Russia's most aggressive capability is not going away. At the very least, cyber espionage is here to stay. Kudos to CISA/FBI/NSA for adding friction to their ops. https://www.nsa.gov/...
  • @b_fung Brian Fung on x
    The full list of sectors identified by US and UK officials as victims/targets include: Government and military; Political parties and consultants; Defense contractors; Energy firms; Logistics firms; Think tanks; Universities; Law firms; Media outlets
  • @b_fung Brian Fung on x
    The main feature of this campaign was an attempt to brute-force victim passwords — essentially, trying different passwords until the attackers gained access — and then use other known software vulnerabilities to steal emails, compromise other accounts and collect more data.
  • @tonyajoriley Tonya Riley on x
    NEW: NSA, CISA, FBI & NCSC attribute hacking campaign against hundreds of U.S. & foreign organizations to Russian state hackers “This lengthy brute force campaign to collect and exfiltrate data, access credentials and more, is likely ongoing, on a global scale,” says @RGB_Lights
  • @b_fung Brian Fung on x
    NEW: US and UK national security officials say that since mid-2019, Russian military intelligence has sought to break the passwords of employees at hundreds of organizations worldwide, including US and European military agencies, government offices, law firms and more.
  • @campuscodi Catalin Cimpanu on x
    NEW: In joint security advisories today from the NSA, FBI, CISA, and UK NCSC, the four agencies detailed a two-year-long brute-force campaign against cloud environments carried out by APT28 (GRU military unit 26165) https://therecord.media/... https://twitter.com/...