Britain’s National Security Cyber Center (NSCC) issued a statement jointly with the U.S. National Security Agency, the FBI and other U.S. agencies yesterday which in effect claims that Russia is engaged in a cyber war against the whole world. The joint advisory that these agencies issued “reveals the tactics, techniques and procedures (TTPs) used in this campaign which has targeted both private and public sector networks from at least mid-2019,” claims the NSCC in a statement. “Global targets include government and military, defense contractors, energy companies, higher education, logistics, law firms, media, political consultants or political parties and think tanks.” The advisory includes a list of steps network administrators can take to secure their networks against this alleged campaign. [1https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF]
The U.S.-U.K. joint statement claims that this operation is run by a unit of Russian military intelligence (the infamous GRU) called the 85th Main Special Service Center (GTsSS), military unit 26165, which they say is running “widespread, distributed, and anonymized brute force access attempts against hundreds of government and private sector targets worldwide,” they write in the Executive Summary. “The 85thGTsSS directed a significant amount of this activity at organizations using Microsoft Office 365®cloud services.”
“This campaign has already targeted hundreds of U.S. and foreign organizations worldwide, including U.S. government and Department of Defense entities. While the sum of the targeting is global in nature, the capability has predominantly focused on entities in the U.S. and Europe.”
