28 May 2025

US, allies warn Russian cyber group targeting Western IT, defense firms to hamper aid to Ukraine

Carley Welch

WASHINGTON — Russian military hackers are carrying out a cyber campaign targeting Western information technology, defense and transportation companies in an effort to slow the flow of foreign assistance to Ukraine, according to a joint cybersecurity advisory.

The Tuesday advisory, authored by a slew of foreign and US cyber and military intelligence agencies including US Cyber Command, the National Security Agency and DoD Cyber Crimes Center, accuses the 85th Main Special Service Center’s military unit 26165 inside the Russian General Staff Main Intelligence Directorate, or GRU, of using “a mix of known tactics, techniques, and procedures” to target companies located in the US, NATO nations and other allied countries.

Unit 26165, which is also known as Advanced Persistent Threat (APT) 28, Fancy Bear, Blue Delta or Forest Blizzard, has been conducting the campaign since shortly after Russia invaded Ukraine over three years ago.

“In late February 2022, multiple Russian state-sponsored cyber actors increased the variety of cyber operations for purposes of espionage, destruction, and influence — with unit 26165 predominately involved in espionage,” the report read. “As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defense, unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid.”

The advisory did not name the companies targeted, and neither the Pentagon nor the NSA responded to a request for comment by the time of publication.

The warning follows a similar one from September, in which US and partner security organizations said another Russian hacking unit, GRU unit 29155, was also attempting to disrupt aid to Ukraine.

The new warning said the hackers gained access to the systems of several companies and entities through a variety of means, including but not limited to credential guessing, phishing emails with links leading to spoofed login pages, phishing links that delivered malware, and exploitation of a Microsoft Outlook NTLM vulnerability.
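The first technique on that list, credential guessing, usually shows up in authentication logs as a password spray: one source tries one or two passwords against many accounts, staying under the per-account lockout threshold that would catch a brute-force attack on a single user. The following Python is an added illustration of how a defender might flag that pattern; it is not code from the advisory or from any of the agencies that wrote it. The log format, the sample lines, the ten-minute window and the five-account threshold are all assumptions made for the example.

```python
"""Flag password-spray style credential guessing in authentication logs.

Added example, not from the joint advisory. The log format (ISO timestamp,
result, username, source IP) and the thresholds are assumptions chosen to
illustrate the pattern: one source, many accounts, few failures per account.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic). 203.0.113.7 tries one
# password against six accounts in ten seconds and lands on the sixth;
# 198.51.100.9 is a user mistyping their own password twice.
SAMPLE_LOG = """\
2025-05-20T08:00:01Z FAIL alice 203.0.113.7
2025-05-20T08:00:03Z FAIL bob 203.0.113.7
2025-05-20T08:00:05Z FAIL carol 203.0.113.7
2025-05-20T08:00:07Z FAIL dave 203.0.113.7
2025-05-20T08:00:09Z FAIL erin 203.0.113.7
2025-05-20T08:00:11Z OK frank 203.0.113.7
2025-05-20T08:01:00Z FAIL alice 198.51.100.9
2025-05-20T08:01:30Z FAIL alice 198.51.100.9
2025-05-20T08:02:00Z OK alice 198.51.100.9
2025-05-20T09:00:00Z OK grace 192.0.2.44
"""


def parse_line(line):
    """Split one assumed-format log line into (timestamp, result, user, source)."""
    ts, result, user, src = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), result, user, src


def detect_spray(log_text, window=timedelta(minutes=10), min_users=5):
    """Return, per source IP, the first window in which failed logins touched
    at least `min_users` distinct accounts.

    Each finding records how many accounts were hit, the most failures any
    single account saw (low for a spray, high for brute force), and whether a
    successful login from the same source followed the failures, which is the
    event that should be triaged first.
    """
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    by_src = defaultdict(list)
    for ts, result, user, src in events:
        by_src[src].append((ts, result, user))

    findings = {}
    for src, evs in by_src.items():
        # Slide a window starting at each of this source's events.
        for i, (t0, _, _) in enumerate(evs):
            fails_per_user = defaultdict(int)
            success_after = False
            for ts, result, user in evs[i:]:
                if ts - t0 > window:
                    break
                if result == "FAIL":
                    fails_per_user[user] += 1
                elif fails_per_user:
                    success_after = True
            if len(fails_per_user) >= min_users:
                findings[src] = {
                    "users": len(fails_per_user),
                    "max_fails_per_user": max(fails_per_user.values()),
                    "success_after": success_after,
                }
                break  # one finding per source is enough for an alert
    return findings


if __name__ == "__main__":
    for src, info in detect_spray(SAMPLE_LOG).items():
        print(src, info)
```

Run against the constructed sample, only 203.0.113.7 is reported: five accounts failed once each within the window and a success followed, which is the spray-then-login sequence worth escalating. The user at 198.51.100.9 never crosses the account threshold, so per-account lockout logic alone would have treated both sources the same way. In production the source key would typically be widened to cover rotating IPs (for instance by autonomous system or by the failing password hash where the identity provider exposes it), since a spray spread across many addresses defeats a per-IP count.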
