Original release date: July 1, 2021
The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre (NCSC) have released Joint Cybersecurity Advisory (CSA): Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments.
The CSA provides details on the campaign, which is being conducted by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The campaign uses a Kubernetes® cluster in brute force access attempts against the enterprise and cloud environments of government and private sector targets worldwide. After obtaining credentials via brute force, the GTsSS uses a variety of known vulnerabilities for further network access via remote code execution and lateral movement.
CISA strongly encourages users and administrators to review the Joint CSA for GTSS tactics, techniques, and procedures, as well as mitigation strategies.
This product is provided subject to this Notification and this Privacy & Use policy.
Systems Affected Continuing Threats to Home Users View Previous Alerts Alert (SA04-079A) Continuing Threats…
Systems Affected Microsoft Windows systems Overview A cross-domain vulnerability in the Outlook…
Systems Affected Systems running Microsoft Windows Overview There are multiple vulnerabilities in…
Systems Affected Microsoft Windows Operating Systems Microsoft Windows Remote Procedure Call (RPC) and Distributed…
Systems Affected Cisco routers and switches running vulnerable versions of IOS. Vulnerable IOS versions known…
Systems Affected Systems that rely on persistent TCP connections, for example routers supporting BGP Overview…
This website uses cookies.