NSA-CISA-NCSC-FBI joint cybersecurity advisory on Russian GRU brute force campaign

US and UK intelligence agencies issued a joint advisory that connects Russian military intelligence with the conduct of ‘brute force access attempts against hundreds of government and private sector targets worldwide.’ The culprit was identified as the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), also known as Fancy Bear, APT28, and Strontium.

GTsSS used brute force techniques to discover valid credentials, often through extensive login attempts. The actor then combined the identified credentials with the exploitation of publicly known vulnerabilities to gain remote access to networks. From there, the actor would move laterally, evade defenses, and collect information from the victim’s networks.

According to the advisory, the campaign started in mid-2019 and is likely ongoing. The Russian embassy in the USA denied these ‘unfounded’ accusations.