Advisory warns Russia-linked hackers targeting U.S., European entities

Hackers from Russia’s military intelligence agency, the GRU, are engaged in a global campaign to target “hundreds” of predominantly American and European entities, including government and military organizations, energy companies, think tanks and media companies, according to a new joint cybersecurity advisory issued by U.S. and U.K. national security agencies Thursday.  

The campaign began in mid-2019 and is “almost certainly” ongoing, the advisory warned, noting hackers are using an amplified and anonymized version of what are known as “brute force” access attempts – trying to log in to target networks by repeatedly guessing passwords – against a broad range of government and private organizations around the world.  

The advisory didn’t identify specific victims or reveal how much or what kind of data may have been exfiltrated. It urged organizations to “adopt and expand” protective and mitigation techniques, including multi-factor authentication, lock-out features and mandatory use of strong passwords. 

It wasn’t immediately clear if this GRU-led campaign had any links to the SolarWinds supply chain attack, which was attributed to a separate Russian intelligence service known as the SVR, or to the notable ransomware attacks on Colonial Pipeline and meat supplier JBS, which were targeted by two separate criminal ransomware groups known to have links to Russia. The NSA did not immediately respond to a request for comment on potential links.