US says it disrupted Russian botnet ‘before it could be weaponized’

The botnet was being assembled by Russia’s foreign intelligence agency, the GRU, Attorney General Merrick Garland said at a news conference.

The post US says it disrupted Russian botnet ‘before it could be weaponized’ appeared first on CyberScoop.

Treasury Department sanctions alleged Russian cyber-espionage, disinformation sources

The Biden administration on Thursday sanctioned Russian oligarchs and organizations for their role in spreading disinformation and supporting Russian President Vladimir Putin’s war in Ukraine, among them a news agency the Treasury Department says has ties to a Russian cyber-espionage and offensive unit. The sanctions targeted nine employees of InfoRos, a nominal news agency primarily run by the GRU, which controls the Russian military intelligence service and operates its own special forces units. According to the Treasury Department, the GRU’s 72nd Main Intelligence Information Center, a unit within Russia’s Information Operations Troops, functions as Russia’s “military force for conducting cyber espionage, influence, and offensive cyber operations” and is InfoRos’ operator. In a news release, the Treasury Department said InfoRos is a network of more than 1,000 websites which “spread false conspiracy narratives and disinformation promoted by GRU officials.” For example, in early December 2021, Treasury officials said one Ukraine-based InfoRos […]

Russia-linked Sandworm reportedly has retooled with ‘Cyclops Blink’

A long-running hacking group associated with Russian intelligence has developed a new set of tools to replace malware that was disrupted in 2018, according to an alert Wednesday from the U.S. and U.K. cybersecurity and law enforcement agencies. The advanced persistent threat group, known primarily as Sandworm, is now using a “large-scale modular malware framework” that the agencies call Cyclops Blink. Western governments have blamed Sandworm for major incidents such as the disruption of Ukraine’s electricity grid in 2015, the NotPetya attacks in 2017 and breaches of the Winter Olympics in 2018. Cyclops Blink has largely replaced the VPNFilter malware in Sandworm’s activities since at least June 2019, said the joint alert from the U.K.’s National Cyber Security Centre (NCSC), and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI in the U.S. The NCSC also issued a separate analysis paper on Cyclops Blink. […]

White House attributes Ukraine DDoS incidents to Russia’s GRU

Russia was behind recent disruptions of Ukrainian government and banking websites, a top White House official said Friday. “We have assessed that Russia was responsible for the distributed denial-of-service [DDoS] attacks that occurred earlier this week,” said Anne Neuberger, deputy national security adviser for cyber and emerging technology. Neuberger said the U.S. has “technical information” that shows digital infrastructure belonging to Russia’s main intelligence directorate, the GRU, “transmitting high volumes of communication to Ukraine-based IP addresses and domains.” The British government also attributed the attacks to the GRU on Friday. DDoS incidents involve flooding websites with bogus traffic until they’re unavailable to most users. Ukrainian officials earlier this week did not attribute the incidents to a specific actor, but suggested Russia was the only country that would conduct such an operation. Around the same time as Tuesday’s DDoS attacks, Ukrainians also received spam text messages falsely claiming that ATMs didn’t work. […]

US, UK accuse Russian military hackers of battering-ram password attacks against hundreds of targets

For two years, Russian military hackers have been bombarding hundreds of targets worldwide with passwords to gain access to their networks, making use of a popular open-source tool for managing application workloads, U.S. and U.K. agencies warned in an advisory Thursday. The Russian agency deploys a Kubernetes cluster — a set of worker machines — to conduct their brute force “password spray” attacks that guess commonly used passwords to get into target networks, according to the advisory from the National Security Agency, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI and the U.K.’s National Cyber Security Centre. It’s the alleged handiwork of Russia’s General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, military unit 26165. The hackers, often described as Fancy Bear or APT28, have been blamed for a number of high-profile intrusions, most prominently for interference in the 2016 U.S. presidential election. The […]

U.S. Takes Aim at Russia’s Cyber Ops Ecosystem

The Biden administration is taking the Russian cyber operations ecosystem to task with sanctions pointed at both established Russian companies as well as Russian-controlled entities created by the FSB, GRU and SVR for operational purposes. Coupled wit…

U.S. government accuses Russian companies of recruiting spies, hacking for Moscow

The Biden Administration took a sideswipe at the Russian government’s network of companies it allegedly relies on to conduct intelligence and military hacking Thursday — part of a broader effort to beat back Russian government hacking and information operations targeting Americans, the U.S. private sector and the federal government. In one of the most striking actions the Biden administration took Thursday, the U.S. Treasury Department sanctioned Positive Technologies, a cybersecurity firm headquartered in Moscow. According to the Treasury Department, Positive Technologies may appear to be a regular IT firm, but it actually supports Russian government clients, including the Federal Security Service. The firm also “hosts large-scale conventions that are used as recruiting events for the FSB and GRU,” the Treasury Department said, referring to the Federal Security Service (FSB) and Russia’s Main Intelligence Directorate (GRU). U.S. intelligence documents show that the company has gone even further at times and has […]

Exposing GRU’s Involvement in U.S. Election Interference – 2016 – An OSINT Analysis

Dear blog readers, Continuing the “FBI’s Most Wanted Cybercriminals” series I’ve decided to share some of the actionable intelligence that I have on GRU’s involvement in the 2016 U.S. Election interference with the idea to assist U.S. Law Enforcement and …

Norwegian police implicate Fancy Bear in parliament hack, describe ‘brute forcing’ of email accounts

Norwegian authorities on Tuesday got more specific in their accusation of Russian involvement in an August cyberattack on Norwegian parliament, implicating the same notorious group of suspected Russian military intelligence hackers accused of interfering in the 2016 U.S. election. Fancy Bear or APT28 — a group of hackers linked with Russia’s GRU military agency — was likely behind the breach, which resulted in the theft of “sensitive content” from some Norwegian lawmakers’ email accounts, Norway’s national police agency said in a statement. The attackers used a common technique called “brute forcing,” which bombards accounts with passwords until one works, to access the Norwegian parliament’s email system, according to the statement signed by Norwegian police attorney Anne Karoline Bakken Staff. The Fancy Bear operatives then tried to move further into parliament’s IT systems, according to the statement, but were unsuccessful. The intrusions were part of a broader suspected Fancy Bear campaign […]

Inside the DoJ’s GRU Indictments for Cyber Meddling

For the third time in the past two years, the United States has indicted intelligence officers associated with Russia’s Main Intelligence Directorate (GRU), the military intelligence entity of the General Staff of the Armed Forces of the Russian Feder…