NCSC joins US partners to expose global brute force campaign by Russian Intelligence Services

1 Jul 2021 04:40 PM

NSA, CISA, FBI and the NCSC publish advice for network defenders to help protect their systems.

The US National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the NCSC yesterday published a joint advisory exposing malicious cyber activity by Russia’s military intelligence service, the GRU, against organisations globally.

The advisory reveals the tactics, techniques and procedures (TTPs) used in this campaign which has targeted both private and public sector networks from at least mid-2019. Global targets include government and military, defense contractors, energy companies, higher education, logistics, law firms, media, political consultants or political parties and think tanks.

Network defenders are encouraged to follow mitigations outlined in the advisory and, in the first instance, ensure that multi-factor authentication (MFA) is rolled out across systems.

Read the advisory in full on the NSA website

Read the NSA’s statement

Further information and guidance

Brute force techniques are used by a wide range of adversaries to gain access to accounts when passwords are unknown. Microsoft has recently revealed that it had identified brute force and password spraying activity from a different Advanced Persistent Threat (APT) group known as NOBELIUM.

The NCSC has published advice and guidance which can help defend against attacks such as those described in the NSA advisory.