Russian military hackers ran a campaign to steal and compromise the passwords of people employed in sensitive jobs at hundreds of companies and organisations worldwide, including US, UK and European government and military agencies, US and British national security officials said earlier today.
They also targeted a range of political parties, government offices, defence contractors, energy companies, think tanks, law firms, media outlets and universities, according to the officials.
The password-hacking campaign was part of a broader effort by Russia’s GRU to collect information from a wide range of sensitive targets, said a joint advisory by the National Security Agency, the FBI, the Department of Homeland Security and the UK’s GCHQ.
It is distinct from other Russian operations in cyberspace such as the SolarWinds campaign, which was instead carried out by Russia’s foreign intelligence service, the SVR, and relied on malicious code secretly embedded in trusted software rather than direct attacks on user passwords.
Difficult to identify malicious use
Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Centre, said this evening that “It shouldn’t surprise anyone that any nation is actively attempting to compromise the credentials of people employed in sensitive or prominent positions; be they in government, industry or the media.”
“Once the account is compromised, there is no easy way to differentiate between the legitimate activities of a user and potentially legitimate, but malicious attempts to access data,” Mackey stressed.
“This is precisely why security professionals have been recommending MFA solutions for years, and why restricting access rights using techniques like zero-trust networking are so powerful,” he continued.