Archive for the ‘NSA’ Category

NSA discloses hacking methods it says are used by Russia – The Associated Press

WASHINGTON (AP) - U.S. and British agencies disclosed on Thursday details of brute force methods they say have been used by Russian intelligence to try to break into the cloud services of hundreds of government agencies, energy companies and other organizations.

An advisory released by the U.S. National Security Agency describes attacks by operatives linked to the GRU, the Russian military intelligence agency, which has been previously tied to major cyberattacks abroad and efforts to disrupt the 2016 and 2020 American elections.

In a statement, NSA Cybersecurity Director Rob Joyce said the campaign was likely ongoing, on a global scale.

Brute force attacks involve the automated spraying of sites with potential passwords until hackers gain access. The advisory urges companies to adopt methods long urged by experts as common-sense cyber hygiene, including the use of multi-factor authentication and mandating strong passwords.

Issued during a devastating wave of ransomware attacks on governments and key infrastructure, the advisory does not disclose specific targets of the campaign or its presumed purpose, saying only that hackers have targeted hundreds of organizations worldwide.

The NSA says GRU-linked operatives have tried to break into networks using Kubernetes, an open-source tool originally developed by Google to manage cloud services, since at least mid-2019 through early this year. While a significant amount of the attempted break-ins targeted organizations using Microsoft's Office 365 cloud services, the hackers went after other cloud providers and email servers as well, the NSA said.

The U.S. has long accused Russia of using and tolerating cyberattacks for espionage, spreading disinformation, and the disruption of governments and key infrastructure.

The Russian Embassy in Washington on Thursday strictly denied the involvement of Russian government agencies in cyberattacks on U.S. government agencies or private companies.

In a statement posted on Facebook, the embassy said, "We hope that the American side will abandon the practice of unfounded accusations and focus on professional work with Russian experts to strengthen international information security."

Joe Slowik, a threat analyst at the network-monitoring firm Gigamon, said the activity described by NSA on Thursday shows the GRU has further streamlined an already popular technique for breaking into networks. He said it appears to overlap with Department of Energy reporting on brute force intrusion attempts in late 2019 and early 2020 targeting the U.S. energy and government sectors and is something the U.S. government has apparently been aware of for some time.

Slowik said the use of Kubernetes is certainly a bit unique, although on its own it doesn't appear worrying. He said the brute force method and lateral movement inside networks described by NSA are common among state-backed hackers and criminal ransomware gangs, allowing the GRU to blend in with other actors.

John Hultquist, vice president of analysis at the cybersecurity firm Mandiant, characterized the activity described in the advisory as routine collection against policy makers, diplomats, the military, and the defense industry.

"This is a good reminder that the GRU remains a looming threat, which is especially important given the upcoming Olympics, an event they may well attempt to disrupt," Hultquist said in a statement.

The FBI and the Cybersecurity and Infrastructure Security Agency joined the advisory, as did the British National Cyber Security Centre.

The GRU has been repeatedly linked by U.S. officials in recent years to a series of hacking incidents. In 2018, special counsel Robert Mueller's office charged 12 military intelligence officers with hacking Democratic emails that were then released by WikiLeaks in an effort to harm Hillary Clinton's presidential campaign and boost Donald Trump's bid.

More recently, the Justice Department announced charges last fall against GRU officers in cyberattacks that targeted a French presidential election, the Winter Olympics in South Korea and American businesses.

Unlike Russia's foreign intelligence agency SVR, which is blamed for the SolarWinds hacking campaign and is careful not to be detected in its cyber ops, the GRU has carried out the most damaging cyberattacks on record, including two on Ukraine's power grid and the 2017 NotPetya virus that caused more than $10 billion in damage globally.

GRU operatives have also been involved in the spread of disinformation related to the coronavirus pandemic, U.S. officials have alleged. And an American intelligence assessment in March says the GRU tried to monitor people in U.S. politics in 2019 and 2020 and staged a phishing campaign against subsidiaries of the Ukrainian energy company Burisma, likely to gather information damaging to President Joe Biden, whose son had earlier served on the board.

The Biden administration in April sanctioned Russia after linking it to election interference and the SolarWinds breach.

___

Bajak reported from Boston.


NSA, Cybercom Leader Says Efforts Have Expanded – Department of Defense

Adversaries have heavily invested in cyberspace operations and capabilities. As such, cyber operations, cybersecurity and information operations are increasingly important to the joint force, said the commander of U.S. Cyber Command, who's also the director of the National Security Agency.

"The scope of what we need to defend and protect has dramatically expanded," Army Gen. Paul M. Nakasone said today during a virtual address to the U.S. Naval Institute and Armed Forces Communications and Electronics Association's WEST Conference.

The Defense Department's information network is composed of 15,000 sub-networks, 3 million users, 4 million computers, 180,000 mobility devices and 605 million website requests a day, he said.

"We used to think about cyberspace as merely the need to protect these computer networks. And while it's a good place to start, the attack surface is much broader," Nakasone said.

For example, protecting weapons systems is a related but distinct challenge compared to networks, he said. They require software updates and patches. In the case of the Navy, they're onboard ships that don't return to port for months at a time, making it even more challenging to provide timely updates.

Another challenge with weapons systems is ensuring that cybersecurity considerations are implemented in the earliest phases of the acquisition cycle, he said.

Protecting DOD's data is also a major challenge, he said.

Understanding how state and non-state adversaries are able to successfully carry out cyberattacks is important, he said. "They learn over time in terms of what they can do. They're not static in the terms of how they approach cyberspace."

In about the past 150 days, adversaries have successfully conducted supply chain attacks, particularly ransomware attacks, he said. In the last several years, election cybersecurity has taken on an increasingly important role.

Terrorist groups are also mounting cyberattacks, he said. In response, the department has emphasized close teamwork between the NSA, Cybercom, and other commands, U.S. Special Operations Command in particular.

"We learned how to work closely with U.S. Special Operations Command, both to support their efforts against kinetic targets and to leverage their capabilities against virtual ones," he said.

Nakasone also emphasized the importance of working with industry, academia, interagency partners like the FBI and the Department of Homeland Security, as well as with allies and partners.

Having a skilled and motivated workforce is also critically important, he said. They need to have the right training and career paths and professional development opportunities, and the DOD must be open to their new ideas.


NSA, FBI Reveal Hacking Methods Used by Russian Military Hackers – The Hacker News

An ongoing brute-force attack campaign targeting enterprise cloud environments has been spearheaded by the Russian military intelligence since mid-2019, according to a joint advisory published by intelligence agencies in the U.K. and U.S.

The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the U.K.'s National Cyber Security Centre (NCSC) formally attributed the incursions to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

The threat actor is also tracked under various monikers, including APT28 (FireEye Mandiant), Fancy Bear (CrowdStrike), Sofacy (Kaspersky), STRONTIUM (Microsoft), and Iron Twilight (Secureworks).

APT28 has a track record of leveraging password spray and brute-force login attempts to plunder valid credentials that enable future surveillance or intrusion operations. In November 2020, Microsoft disclosed credential harvesting activities staged by the adversary aimed at companies involved in researching vaccines and treatments for COVID-19.

What's different this time around is the actor's reliance on software containers to scale its brute-force attacks.

"The campaign uses a Kubernetes cluster in brute force access attempts against the enterprise and cloud environments of government and private sector targets worldwide," CISA said. "After obtaining credentials via brute force, the GTsSS uses a variety of known vulnerabilities for further network access via remote code execution and lateral movement."

Some of the other security flaws exploited by APT28 to pivot inside the breached organizations and gain access to internal email servers include -

The threat actor is also said to have utilized different evasion techniques in an attempt to disguise some components of their operations, including routing brute-force authentication attempts through Tor and commercial VPN services, such as CactusVPN, IPVanish, NordVPN, ProtonVPN, Surfshark, and WorldVPN.

The agencies said the attacks primarily focused on the U.S. and Europe, targeting government and military, defense contractors, energy companies, higher education, logistics companies, law firms, media companies, political consultants or political parties, and think tanks.

"Network managers should adopt and expand usage of multi-factor authentication to help counter the effectiveness of this capability," the advisory noted. "Additional mitigations to ensure strong access controls include time-out and lock-out features, the mandatory use of strong passwords, implementation of a Zero Trust security model that uses additional attributes when determining access, and analytics to detect anomalous accesses."


Netflix Pulls NSA-Themed Show in Vietnam Over Offensive Maps – Gizmodo

Scene from the Netflix show Pine Gap, showing one of the maps that the government of Vietnam took issue with. Screenshot: Netflix

Netflix has pulled a spy drama called Pine Gap from the video streaming platform in Vietnam after the government complained about maps that appear in at least two episodes. The maps are a misrepresentation of Vietnam's sovereignty, according to officials in Hanoi.

The maps in Pine Gap include the so-called nine-dash line, which appears on maps promoted by the Chinese government. The maps show China's claim to water and islands in the South China Sea, something Vietnam doesn't recognize.

It's at least the third time Vietnam's government has complained to Netflix about maps showing the nine-dash line, which appears in an unaltered screenshot from the program above in red, and annotated in yellow below.

"Netflix's violations angered and hurt the feelings of the entire people of Vietnam," Vietnam's Authority of Broadcasting and Electronic Information said on Thursday, according to a report from Reuters.

Pine Gap is a fictional portrayal of the very real U.S. spy facility located in the middle of Australia. The real Pine Gap was created with an agreement between the U.S. and Australian governments in 1966 and has been used since the first Cold War to collect signals intelligence for the Five Eyes spy alliance. It's more or less the CIA and NSA's hub for hoovering up information from all of Asia.

The two episodes of Pine Gap in question, both the second and third in the series, briefly show maps that include the nine-dash line. Several countries in Southeast Asia, including Vietnam and the Philippines, don't recognize China's territorial claims in the South China Sea. China regularly spars with countries over even the smallest incursions into what the Chinese Communist Party sees as its territory.

As Reuters notes, authorities in Vietnam banned the DreamWorks animated movie Abominable in 2019 over maps showing the nine-dash line. Vietnam has also taken issue with nine-dash line maps in a Chinese show called Put Your Head on My Shoulder, which has been pulled from Netflix, as well as the U.S. series Madam Secretary, which is still available in the country.

The nine-dash line that appears in Put Your Head on My Shoulder flashes on screen for roughly one second and is hard to make out, as you can see in the screenshot Gizmodo captured below from the ninth episode of the series.

"Following a written legal demand from the Vietnamese regulator, we have removed the licensed series, Pine Gap, from Netflix in Vietnam, to comply with local law. It remains available on our service in the rest of the world," a Netflix spokesperson told Gizmodo early Friday via email.


Episode 343: Tucker Takes on the NSA – National Review

Fox personality Tucker Carlson speaks at a Business Insider conference in New York, N.Y., November 30, 2017. (Lucas Jackson/REUTERS)

Today on The Editors, Rich, Charlie, and Michael discuss Tucker's accusations against the NSA, today's Supreme Court decisions, New York's disastrous mayoral election mess-up, and much more.

Editors' picks:
Rich: Dan McLaughlin's piece "Is Ranked-Choice Voting a Voting Rights Act Violation?"
Charlie: Dan McLaughlin's pieces on all the recent SCOTUS decisions
MBD: Rich's piece "The Absurdly Misleading Attacks on Anti-CRT Rules"

Light items:
Rich: Ryan Reeves's history lectures on YouTube
Charlie: Rewatching old Westerns
MBD: A close encounter with a bear

Sponsors: Moink, The Bahnsen Group

The Editors is hosted by Rich Lowry and produced by Sarah Schutte.
