2021 年 7 月 1 日晚上 9:54
據國際戰略研究所發布的信息稱,美國當局認為俄羅斯的總參謀部 (GRU) 和某些下屬單位是進攻性網絡和影響行動的主要參與者。
英國國家網絡安全中心聯合發布了“俄羅斯 GRU 開展全球蠻力運動以破壞企業和云環境”的咨詢報告,敦促有關公司進一步加強網絡防御。
在一份聲明中,美國國家安全局 (NSA) 網絡安全主任羅布喬伊斯表示,該活動“可能在全球范圍內持續進行”。
已經有多個機構表示,俄羅斯一直在對全球數百個組織進行積極的網絡攻擊(圖片:PA)。
蠻力攻擊涉及自動破解具有潛在密碼的網站,直到黑客獲得訪問權限,但該活動的具體目標并未披露。
美國國家安全局表示,至少從 2019 年年中開始,與 GRU 相關的特工就試圖使用 Kubernetes 闖入網絡,Kubernetes 是一種最初由谷歌開發的用于管理云服務的開源工具。
美國國家安全局表示,雖然“大量”企圖闖入的目標是使用微軟 Office 365 云服務的組織,但黑客也攻擊了其他云提供商和電子郵件服務器。
據美國的網絡監控公司 Gigamon 的威脅分析師 Joe Slowik 表示,NSA 描述的蠻力方法和網絡內部橫向移動在國家支持的黑客和犯罪勒索軟件團伙中很常見,這使得 GRU 能夠與其他參與者混為一談。
聯邦調查局和網絡安全與基礎設施安全局也加入了咨詢行列。
UK, US Agencies Accuse Russian Military Intelligence Of 'Brute Force' Cyber Campaign
Multiple organisations have jointly published an advisory to promote greater security in the cyber domain.
1st July 2021 at 9:54pm
The US authorities consider Russia's Directorate of the General Staff (GRU) and certain subordinate units principle actors in offensive cyber and influence operations, according to the International Institute for Strategic Studies.
The British National Cyber Security Centre jointly issued the advisory 'Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments' – urging companies to bolster their defences.
In a statement, the US National Security Agency (NSA) Cybersecurity Director, Rob Joyce, said the campaign was “likely ongoing, on a global scale”.
Russia have been conducting aggressive cyber attacks against hundred of organisations worldwide, multiple agencies have said (Picture: PA)。
Brute force attacks involve the automated spraying of sites with potential passwords until hackers gain access, though specific targets of the campaign were not disclosed.
The NSA says GRU-linked operatives have tried to break into networks using Kubernetes, an open-source tool originally developed by Google to manage cloud services, since at least mid-2019.
While a “significant amount” of the attempted break-ins targeted organisations using Microsoft's Office 365 cloud services, the hackers went after other cloud providers and email servers as well, the NSA said.
Joe Slowik, a threat analyst at the network-monitoring firm Gigamon, said the brute force method and lateral movement inside networks described by NSA are common among state-backed hackers and criminal ransomware gangs, allowing the GRU to blend in with other actors.
The FBI and the Cybersecurity and Infrastructure Security Agency also joined the advisory.
