The FBI, National Security Agency, Cybersecurity and Infrastructure Security Agency and the U.K. government’s national cybersecurity center have issued a joint advisory on a brute force campaign by Russian military intelligence against U.S. and foreign organizations.
The malicious cyber activities by the Russian general staff main intelligence directorate 85th main special service center targeted government and military organizations, political organizations, defense contractors, think tanks, media companies, law firms, logistics and energy companies and higher education institutions, the FBI said Thursday.
The brute force capability enables threat actors to gain access to email and other protected data and identify valid account credentials through password guessing and other extensive login attempts.
The agencies said the exploitation efforts are still ongoing. They also listed in the advisory some of the known tactics, techniques and procedures of the threat actors involved in the brute force campaign.
The FBI, CISA, NSA and U.K.’s NCSC outlined several measures organizations can take to counter the cyberthreat, including the use of multifactor authentication, enabling time-out and lockout features whenever password authentication is needed, changing all default credentials and employing network segmentation and restrictions.
