US confirmed Russian intelligence to be involved in hacker attacks
The US National Security Agency has officially confirmed that the Russian GRU is behind the hacking activities of Fancy Bear, APT28, Strontium and a number of others. The official report with this conclusion was published on the NSA website, as Ukrinform reported.
"Since at least mid-2019 through early 2021, Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, used a Kubernetes® cluster to conduct widespread, distributed, and anonymized brute force access attempts against hundreds of government and private sector targets worldwide.", - the document read
The center's malicious cyber activities have previously been attributed to NGOs known as Fancy Bear, APT28, Strontium, and many other groups.
At the same time, it is specified that the 85th General Center for Special Operations chose its goals mostly among organizations and institutions that used Microsoft Office 365®cloud software. Attacks were also made on software products from other service providers and local e-mail servers using various protocols.
" These efforts are almost certainly still ongoing. This brute force capability allows the 85th GTsSS actors to access protected data, including email, and identify valid account credentials ," the document said.
The NSA explained that among the goals that Russia's secret services had were government, military organizations, political consultants and party cells, defense contractors, energy and logistics companies in various countries. The list also includes think tanks, universities, law firms and media companies.
As IMI reported, Russian hackers launched a cyber attack on US government agencies and think tanks, using the marketing email profile of the United States Agency for International Development (USAID).