National Cyber Security Centre
NCSC joins US partners to expose global brute force campaign by Russian Intelligence Services
NSA, CISA, FBI and the NCSC publish advice for network defenders to help protect their systems.
The US National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the NCSC yesterday published a joint advisory exposing malicious cyber activity by Russia’s military intelligence service, the GRU, against organisations globally.
The advisory reveals the tactics, techniques and procedures (TTPs) used in this campaign which has targeted both private and public sector networks from at least mid-2019. Global targets include government and military, defense contractors, energy companies, higher education, logistics, law firms, media, political consultants or political parties and think tanks.
Network defenders are encouraged to follow mitigations outlined in the advisory and, in the first instance, ensure that multi-factor authentication (MFA) is rolled out across systems.
Further information and guidance
Brute force techniques are used by a wide range of adversaries to gain access to accounts when passwords are unknown. Microsoft has recently revealed that it had identified brute force and password spraying activity from a different Advanced Persistent Threat (APT) group known as NOBELIUM.
Latest News from
National Cyber Security Centre
Top of the class: Schools awarded by experts for high quality cyber teaching20/09/2021 12:20:00
Sixteen schools and colleges achieve recognition from the NCSC for excellence in cyber security education.
UK and US cyber security leaders meet to discuss shared threats and opportunities13/09/2021 11:15:00
National Cyber Security Centre CEO and Director of the US Cybersecurity and Infrastructure Security Agency meet in London.
Record number of teenagers sign up to develop cyber skills over summer26/08/2021 16:20:00
Participation at all-time high for CyberFirst summer courses, led by the National Cyber Security Centre (NCSC).
Email innovation simplifies takedown of cyber scams12/08/2021 14:15:00
Scam emails can be sent directly to SERS via a new button organisations can add to their Microsoft Office 365 accounts.
Tech startups join UK cyber experts to address security challenges11/08/2021 09:15:00
The first companies to work with the NCSC for Startups initiative have been selected.
Public can now report scam websites direct to the NCSC10/08/2021 11:15:00
A new reporting tool has been made available for the general public who come across scam websites.
NCSC lifts lid on three random words password logic09/08/2021 11:15:00
Cyber security experts recently (Friday) revealed in depth for the first time the logic behind their advice to use three random words when creating passwords.
UK and allies publish advice to fix global cyber vulnerabilities28/07/2021 15:25:00
A joint advisory from international allies has offered advice for the most publicly known software vulnerabilities.