Russian hackers attacked US networks again
With the support of the Russian Military Intelligence Agency (GRU), Russian hackers have once again targeted American networks, attacking organizations ranging from government agencies to critical infrastructure.
The GRU had previously carried out several hacking operations, including a large-scale campaign designed to influence the outcome of the 2016 US presidential election.
Russian hackers known as APT28 (Fancy Bear), a unit of the GRU, conducted widespread intrusion attempts against US targets from December 2018 until at least May.
According to an FBI alert sent to victims in May, the Russian hackers attempted to access victims' mail servers, Microsoft Office 365, other email accounts, and VPN servers.
The targets include a variety of US organizations: government agencies, the federal government, and educational institutions.
Technical data in the warning show that the APT28 hackers have also targeted the US energy industry.
Given the GRU's previous activity, the discovery of a new wave of Russian hacking against the United States takes on special importance. The GRU's operations are not usually limited to espionage, but also include email leaks or destructive cyber attacks.
APT28 hackers have been indicted in the United States and charged in connection with interference in the 2016 US elections and attacks on the World Anti-Doping Agency.
The latter attack was retaliation against the International Olympic Committee, which had barred Russia from the 2018 Olympic Games over the use of performance-enhancing steroids.
An FBI spokesperson wrote in the confidential victim alert about APT28: "Although the motive is unclear, we can make judgments based on the type of target, as described in the previous indictment."
The FBI also said that the GRU-backed intrusions have continued in recent months and that these activities are expected to continue.
According to the warning, the APT28 hackers gained access to networks through fraudulent (phishing) emails sent to personal and corporate email accounts.
The hackers also used other techniques, such as password spraying (trying common passwords against many accounts) and brute-force password guessing against one or a small number of accounts.
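As an added illustration, not part of the original article, the following Python snippet shows how a defender could tell these two patterns apart in authentication logs: spraying shows up as one source failing against many accounts with few attempts each, brute force as many failures piled onto one or two accounts. The log format, field names and thresholds are assumptions, and the log lines are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (hypothetical format, not from the FBI alert):
# <timestamp> <OK|FAIL> user=<account> src=<source ip>
SAMPLE_LOG = "\n".join(
    # one source, five different accounts, one failure each, then a success: spraying
    [f"2020-05-01T09:00:0{i} FAIL user={u} src=203.0.113.7"
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"], 1)]
    + ["2020-05-01T09:00:06 OK user=frank src=203.0.113.7"]
    # one source hammering a single account: brute force
    + [f"2020-05-01T09:10:{i:02d} FAIL user=admin src=198.51.100.9" for i in range(8)]
    # a user mistyping a password once, then logging in: benign noise
    + ["2020-05-01T09:20:00 FAIL user=grace src=192.0.2.44",
       "2020-05-01T09:20:05 OK user=grace src=192.0.2.44"]
)

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")


def parse(log_text):
    """Turn log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": m.group(1), "ok": m.group(2) == "OK",
                           "user": m.group(3), "src": m.group(4)})
    return events


def classify_sources(events, spray_min_users=5, brute_min_attempts=8):
    """Label each source IP as 'spray' or 'brute_force' from its failed logins.
    Any account that later succeeded from the same source is reported too, since
    a success after a run of failures is the outcome a defender most wants to see."""
    fails = defaultdict(list)      # src -> usernames that failed (with repeats)
    successes = defaultdict(set)   # src -> usernames that logged in successfully
    for e in events:
        (successes[e["src"]].add(e["user"]) if e["ok"] else fails[e["src"]].append(e["user"]))
    findings = {}
    for src, users in fails.items():
        attempts, accounts = len(users), len(set(users))
        if accounts >= spray_min_users and attempts / accounts < 3:
            pattern = "spray"            # wide and shallow
        elif attempts >= brute_min_attempts and accounts <= 2:
            pattern = "brute_force"      # narrow and deep
        else:
            continue                     # below both thresholds: not flagged
        findings[src] = {"pattern": pattern, "attempts": attempts, "accounts": accounts,
                         "success_after_failures": sorted(successes.get(src, ()))}
    return findings


if __name__ == "__main__":
    for src, info in classify_sources(parse(SAMPLE_LOG)).items():
        print(src, info)
```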
A few days after the FBI sent its warning to victims in early May, the U.S. Security Agency issued a general advisory about Sandworm, a separate secret unit closely linked to the GRU, exploiting vulnerabilities in mail servers to target victims.
A member of the organization said: The IT staff saw no signs of a successful phishing attack, but they discovered that the hacker was able to access the mail server and steal the entire mailbox.
The FBI declined to say how many victims the APT28 campaign targeted or how many attempts were successful.
However, the security company FireEye said that some organizations had been hacked, and that the Internet Protocol (IP) addresses listed in the FBI warning as used by these hackers match addresses known to be used by APT28.
It appears that the hackers did not use malware to infect systems; instead, they used stolen credentials to access systems the way employees would.
At least one of the group's targets appears to have been in the US energy sector. The Energy Department warned in January last year that someone had been probing the login pages of US energy companies using infrastructure previously tied to APT28.
The FBI listed the same IP addresses among those used by APT28 hackers through May and assessed that APT28 was most likely responsible for that incident.
The energy-sector intrusion represents a change in focus for APT28. Although it appears to be a new effort for the APT28 group, the GRU has a history of infiltrating critical infrastructure.
The Sandworm hacker group planted malware on the US electricity grid in 2014 and carried out the first power outages caused by cyber attacks in Ukraine in 2015 and 2016.