For months, Russian military hackers have engaged in a campaign to compromise the passwords of people employed in sensitive jobs at hundreds of organizations worldwide, including US and European government and military agencies, US and British national security officials said Thursday.
The extensive effort also targeted political parties, government offices, defense contractors, energy companies, think tanks, law firms, media outlets and universities, the officials said.
The password-hacking campaign, which officials believe is almost certainly still ongoing, is part of a broader effort by Russia’s GRU to collect information from a wide range of sensitive targets, said a joint advisory by the National Security Agency, the FBI, the Department of Homeland Security and the UK’s GCHQ.
It is distinct from other Russian operations in cyberspace such as the SolarWinds campaign — which was instead carried out by Russia’s foreign intelligence service, the SVR, and relied on malicious code secretly embedded in trusted software rather than direct attacks on user passwords.
This campaign, which involved attempts to break the passwords of people affiliated with major organizations worldwide, began in mid-2019, and while aspects of it have been publicly reported, the US government is attributing it to Russia’s military intelligence agency, the GRU, for the first time this week.
The advisory released Thursday does not specify how often these attacks were successful, but it does say that the actors “have used” identified account credentials in conjunction with known vulnerabilities.
“The bread and butter of this group is routine collection against policy makers, diplomats, the military, and the defense industry and these sorts of incidents don’t necessarily presage operations like hack and leak campaigns,” according to John Hultquist, VP of Analysis, Mandiant Threat Intelligence. “Despite our best efforts we are very unlikely to ever stop Moscow from spying.”
One high-profile example of the campaign was disclosed last September, when Microsoft said it had detected attacks on passwords belonging to tens of thousands of…