The attackers are using a Kubernetes cluster to conduct widespread, distributed, and anonymized brute force access attempts.
The culprit is the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, or GTsSS for short.
The U.S. National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the UK's National Cyber Security Centre (NCSC) have released a joint Cybersecurity Advisory detailing these hacking activities by Russian military intelligence.
The GTsSS is using brute force attacks against hundreds of organizations around the world, including U.S. government and Department of Defense entities. The types of organizations being targeted include:
• Government and military organizations
• Political consultants and party organizations
• Defense contractors
• Energy companies
• Logistics companies
• Think tanks
• Higher education institutions
• Law firms
• Media companies
Here is how the NSA describes the campaign:
"Malicious cyber actors use brute force techniques to discover valid credentials often through extensive login attempts, sometimes with previously leaked usernames and passwords or by guessing with variations of the most common passwords. While the brute force technique is not new, the GTsSS uniquely leveraged software containers to easily scale its brute force attempts.
Once valid credentials were discovered, the GTsSS combined them with various publicly known vulnerabilities to gain further access into victim networks. This, along with various techniques also detailed in the advisory, allowed the actors to evade defenses and collect and exfiltrate various information in the networks, including mailboxes."
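The brute force pattern the advisory describes (many login attempts, spread across many containers and source addresses, with leaked or common passwords) is what a defender has to pick out of authentication logs. The script below is an added detection example, not code from the article, the advisory, or the agencies that issued it. The log format (`<ISO-8601 UTC> <source_ip> <account> <FAIL|OK>`), the sample lines, the 15-minute window and the thresholds of five accounts per source and five sources per account are all constructed assumptions to tune for a real environment. The point it shows: a distributed attack keeps every single source address below a classic per-IP lockout count, so the detection has to count distinct source IPs per account (and distinct accounts per source, for password spraying) over a sliding time window, and a successful logon on a flagged account is the "valid credentials discovered" outcome to triage first.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not a real log from the advisory) in an assumed
# "<ISO-8601 UTC> <source_ip> <account> <FAIL|OK>" format. It mixes three things:
#   * a password spray: one IP trying five different accounts once each
#   * a distributed brute force: one account hit from five IPs, at most twice per IP,
#     followed by a successful logon from a sixth IP
#   * a user who mistyped a password twice and then logged in (must not be flagged)
SAMPLE_LOG = """\
2021-07-01T10:00:01Z 198.51.100.7 alice FAIL
2021-07-01T10:00:09Z 198.51.100.7 bob FAIL
2021-07-01T10:00:17Z 198.51.100.7 carol FAIL
2021-07-01T10:00:25Z 198.51.100.7 dave FAIL
2021-07-01T10:00:33Z 198.51.100.7 eve FAIL
2021-07-01T10:01:02Z 203.0.113.11 svc_backup FAIL
2021-07-01T10:01:40Z 203.0.113.12 svc_backup FAIL
2021-07-01T10:02:15Z 203.0.113.13 svc_backup FAIL
2021-07-01T10:02:50Z 203.0.113.14 svc_backup FAIL
2021-07-01T10:03:30Z 203.0.113.15 svc_backup FAIL
2021-07-01T10:04:05Z 203.0.113.11 svc_backup FAIL
2021-07-01T10:04:44Z 203.0.113.12 svc_backup FAIL
2021-07-01T10:05:21Z 203.0.113.16 svc_backup OK
2021-07-01T10:06:00Z 192.0.2.10 frank FAIL
2021-07-01T10:06:12Z 192.0.2.10 frank FAIL
2021-07-01T10:06:30Z 192.0.2.10 frank OK
this line is garbage and is skipped
"""

LINE_RE = re.compile(r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) (\S+) (FAIL|OK)$")


def parse_log(text):
    """Turn log text into time-ordered (timestamp, ip, account, result) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, account, result = m.groups()
            events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, result))
    return sorted(events)


def failures_per_ip(events):
    """Classic per-source failure count: the only view a per-IP lockout or rate limit has."""
    return Counter(ip for _, ip, _, result in events if result == "FAIL")


def _release(counter, key):
    """Decrement a live count and drop the key at zero, so len() counts distinct live values."""
    counter[key] -= 1
    if counter[key] == 0:
        del counter[key]


def detect_brute_force(events, window_minutes=15, spray_accounts=5, distributed_sources=5):
    """Sliding-window detection over failed logons. Returns (spray, distributed):
      spray[ip] = max distinct accounts that `ip` failed against inside one window
      distributed[account] = (max distinct source IPs that failed against `account`
                              inside one window, time the threshold was first crossed)
    Only entries reaching the thresholds are returned; window and thresholds are assumptions."""
    window = timedelta(minutes=window_minutes)
    failures = [e for e in events if e[3] == "FAIL"]
    accounts_by_ip = defaultdict(Counter)   # ip -> accounts with a failure inside the window
    ips_by_account = defaultdict(Counter)   # account -> source IPs with a failure inside the window
    spray, distributed = {}, {}
    oldest = 0
    for ts, ip, account, _ in failures:
        # Expire failures that fell out of the window before counting the current one.
        while failures[oldest][0] < ts - window:
            _, old_ip, old_account, _ = failures[oldest]
            _release(accounts_by_ip[old_ip], old_account)
            _release(ips_by_account[old_account], old_ip)
            oldest += 1
        accounts_by_ip[ip][account] += 1
        ips_by_account[account][ip] += 1
        n_accounts = len(accounts_by_ip[ip])
        if n_accounts >= spray_accounts:
            spray[ip] = max(spray.get(ip, 0), n_accounts)
        n_sources = len(ips_by_account[account])
        if n_sources >= distributed_sources:
            prev_max, first_seen = distributed.get(account, (0, ts))
            distributed[account] = (max(prev_max, n_sources), first_seen)
    return spray, distributed


def successful_logons_after_attack(events, distributed):
    """Flagged accounts that logged in successfully once the attack was under way:
    the 'valid credentials discovered' outcome, and the alerts to work first."""
    return [(account, ip) for ts, ip, account, result in events
            if result == "OK" and account in distributed and ts >= distributed[account][1]]


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    spray, distributed = detect_brute_force(events)
    print("per-IP failures:", dict(failures_per_ip(events)))
    print("password spray sources:", spray)
    print("distributed targets:", {a: n for a, (n, _) in distributed.items()})
    print("successes after attack:", successful_logons_after_attack(events, distributed))
```

On the sample, no source in the distributed set fails more than twice, so a per-IP threshold never fires, while the per-account distinct-source count reaches five and the later `OK` from a sixth address is reported. Shrinking the window to one minute still catches the fast spray from a single IP but lets the slower distributed pattern through, which is why the window and thresholds have to be tuned against the login volume of the system being monitored.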
You can visit NSA's website for more information related to the Cybersecurity Advisory.