Malicious cyber activity by the GRU, Russia’s military intelligence service, against organizations in the U.S. and Europe has been occurring since mid-2019, according to a joint advisory published Thursday by the NSA, FBI, Cybersecurity and Infrastructure Security Agency (CISA), and National Cyber Security Center.
The GRU has targeted public- and private-sector networks, including the government and military, defense contractors, energy companies, higher education, logistics, law firms, media, political consultants, political parties and think tanks, according to a nonprofit called the National Cyber Security Center.
BREAKING: NSA, FBI and UK’s NCSC say Russian military intelligence is behind cyberattacks on government servers, businesses, power grids and tech giants like Microsoft (SolarWinds) – Cybersecurity Advisory https://t.co/R4XyQf6Mf7
— Insider Paper (@TheInsiderPaper) July 1, 2021
The National Cyber Security Center outlined recommended mitigations in its advisory, including the use of multi-factor authentication across systems.
Officials say the password-hacking campaign is still ongoing as part of the GRU’s effort to collect information from several sensitive copies, according to the joint advisory.
“The bread and butter of this group is routine collection against policy makers, diplomats, the military, and the defense industry and these sorts of incidents don’t necessarily presage operations like hack and leak campaigns,” John Hultquist, the vice president of analysis at a cybersecurity group, said to The Hill.