03 July 21, 07:33
Quote:
U.S. and U.K. authorities are warning that the APT28 advanced-threat actor (APT) – a.k.a. Fancy Bear or Strontium, among other names – has been using a Kubernetes cluster in a widespread campaign of brute-force password-spraying attacks against hundreds of government and private sector targets worldwide.
The joint alert (PDF) – posted on Thursday by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the U.K.’s National Cyber Security Centre (NCSC) – attributes the campaign to the APT group, which has long been suspected of having ties to the General Staff Main Intelligence Directorate (GRU) arm of Russia’s military intelligence.
The attacks have been launched since at least mid-2019 through early 2021 and are “almost certainly still ongoing,” according to the advisory.
The threat actor has targeted “a significant amount” of its activity at organizations using Microsoft Office 365 cloud services, authorities warned.
The attackers are after the passwords of people who work at sensitive jobs in hundreds of organizations worldwide, including government and military agencies in the U.S. and Europe, defense contractors, think tanks, law firms, media outlets, universities and more.
Read more: Kubernetes Used in Brute-Force Attacks Tied to Russia’s APT28 | Threatpost