WASHINGTON: US and British agencies disclosed on Thursday details of “brute force” methods they say have been used by Russian intelligence to try to break into the cloud services of hundreds of government agencies, energy companies and other organizations.
An advisory released by the US National Security Agency describes attacks by operatives linked to the GRU, the Russian military intelligence agency, which has been previously tied to major cyberattacks abroad and efforts to disrupt the 2016 and 2020 American elections.
In a statement, NSA Cybersecurity Director Rob Joyce said the campaign was “likely ongoing, on a global scale.”
Brute force attacks involve the automated spraying of sites with potential passwords until hackers gain access. The advisory urges companies to adopt methods long urged by experts as common-sense cyber hygiene, including the use of multi-factor authentication and mandating strong passwords.
Issued during a devastating wave of ransomware attacks on governments and key infrastructure, the advisory does not disclose specific targets of the campaign or its presumed purpose, saying only that hackers have targeted hundreds of organizations worldwide.
The NSA says GRU-linked operatives have tried to break into networks using Kubernetes, an open-source tool originally developed by Google to manage cloud services, from at least mid-2019 through early this year. While a “significant amount” of the attempted break-ins targeted organizations using Microsoft’s Office 365 cloud services, the hackers went after other cloud providers and email servers as well, the NSA said.
The US has long accused Russia of using and tolerating cyberattacks for espionage, spreading disinformation, and the disruption of governments and key infrastructure.
The Russian Embassy in Washington on Thursday “strictly” denied the involvement of Russian government agencies in cyberattacks on US government agencies or private companies.
In a statement posted on Facebook, the embassy said, “We hope that the American side will abandon the practice of unfounded accusations and focus on professional work with Russian experts to strengthen international information security.”
Joe Slowik, a threat analyst at the network-monitoring firm Gigamon, said the activity described by NSA on Thursday shows the GRU has further streamlined an already popular technique for breaking into networks. He said it appears to overlap with Department of Energy reporting on brute force intrusion attempts in late 2019 and early 2020 targeting the US energy and government sectors and is something the US government has apparently been aware of for some time.
Slowik said the use of Kubernetes “is certainly a bit unique, although on its own it doesn’t appear worrying.” He said the brute force method and lateral movement inside networks described by NSA are common among state-backed hackers and criminal ransomware gangs, allowing the GRU to blend in with other actors.
John Hultquist, vice president of analysis at the cybersecurity firm Mandiant, characterized the activity described in the advisory as “routine collection against policy makers, diplomats, the military, and the defense industry.”
“This is a good reminder that the GRU remains a looming threat, which is especially important given the upcoming Olympics, an event they may well attempt to disrupt,” Hultquist said in a statement.
The FBI and the Cybersecurity and Infrastructure Security Agency joined the advisory, as did the British National Cyber Security Center.
The GRU has been repeatedly linked by US officials in recent years to a series of hacking incidents. In 2018, special counsel Robert Mueller’s office charged 12 military intelligence officers with hacking Democratic emails that were then released by WikiLeaks in an effort to harm Hillary Clinton’s presidential campaign and boost Donald Trump’s bid.
More recently, the Justice Department announced charges last fall against GRU officers in cyberattacks that targeted a French presidential election, the Winter Olympics in South Korea and American businesses.
Unlike Russia’s foreign intelligence agency SVR, which is blamed for the SolarWinds hacking campaign and is careful not to be detected in its cyber ops, the GRU has carried out the most damaging cyberattacks on record, including two on Ukraine’s power grid and the 2017 NotPetya virus that caused more than $10 billion in damage globally.
GRU operatives have also been involved in the spread of disinformation related to the coronavirus pandemic, US officials have alleged. And an American intelligence assessment in March says the GRU tried to monitor people in US politics in 2019 and 2020 and staged a phishing campaign against subsidiaries of the Ukrainian energy company Burisma, likely to gather information damaging to President Joe Biden, whose son had earlier served on the board.
The Biden administration in April sanctioned Russia after linking it to election interference and the SolarWinds breach.
US, UK cybersecurity agencies disclose hacking methods used by Russian spy group
- Operatives linked to Russia's spy agency GRU have tried to break into networks using Kubernetes, says NSA
Singapore says 3 men detained since October for seeking to join Mideast conflict
The Home Affairs Ministry said in a statement the three Singaporean men were not linked to one another and had been “radicalized” online, but there was no indication others had been recruited.
It was not immediately clear why the ministry announced the detention on Thursday.
Following their arrest in October, they were detained under Singapore’s Internal Security Act, which allows suspects to be held for lengthy periods without trial.
The three were a director of a digital marketing company, a lift mechanic, and a security guard, aged 41, 21, and 44, respectively.
One of the men had visited a shooting range in Thailand to learn to operate firearms, while two planned to visit shooting ranges in Indonesia, it said.
The ministry said restrictions were placed on two other Singaporeans in June and July last year under the security law, related to the conflict in Gaza.
More than 46,000 people have been killed in the Gaza war, according to Palestinian health officials.
Much of the enclave has been laid waste, and most of the territory’s 2.1 million people have been displaced multiple times and face acute shortages of food and medicine, humanitarian agencies say.
Zelensky meets Meloni for talks in Rome
- Meloni “reiterated the all-round support that Italy ensures and will continue to provide to the legitimate defense of Ukraine...,” her office said
- She also “expressed solidarity for the victims of the recent Russian bombings”
ROME: Ukrainian President Volodymyr Zelensky held talks in Rome Thursday with Italian Prime Minister Giorgia Meloni, after meeting other allies in Germany.
Meloni “reiterated the all-round support that Italy ensures and will continue to provide to the legitimate defense of Ukraine... to put Kyiv in the best possible condition to build a just and lasting peace,” her office said.
She also “expressed solidarity for the victims of the recent Russian bombings,” it said in a statement, as the grinding war nears the three-year mark.
Zelensky had earlier Thursday joined a meeting of about 50 allies at the US air base Ramstein in Germany — the last such gathering before Trump takes office on January 20.
The US president-elect has criticized the large amount of US aid for Kyiv and vowed to bring the war to a swift end, without making any concrete proposals for a ceasefire or peace agreement.
In Germany, Zelensky said Trump’s return to the White House would open a “new chapter” and reiterated a call for Western allies to send troops to help “force Russia to peace.”
In a post on X, Zelensky thanked Italy for its “unwavering support,” saying: “Together, we can bring a just peace closer and strengthen our collective positions.”
He and Meloni discussed “strengthening security, addressing global developments, and preparing for this year’s Ukraine Recovery Conference to be held in Rome,” he said.
Meloni, who has led NATO and EU member Italy since October 2022, has strongly supported Ukraine in its fight against Russia, but is also politically close to Trump.
At a press conference in Rome earlier, Meloni — who visited Trump at his Florida home last weekend — said she did not believe the president-elect would abandon Kyiv.
“Frankly I don’t foresee a disengagement,” she said, adding that Trump had previously “said precisely because we want peace, we will not abandon Ukraine.”
She added that she would support options for peace that Ukraine would support.
NATO and EU member Italy has sent arms and aid to Ukraine to help fight off Russia’s invading forces, but has refused to allow Kyiv to use its weapons inside Russian territory.
Zelensky’s spokesman Sergiy Nykyforov said the Ukrainian president would meet Friday with Italian President Sergio Mattarella, the country’s largely ceremonial head of state.
US Secretary of State Antony Blinken was also in the Italian capital on Thursday for separate talks with European counterparts on Syria. It was not clear if he planned to meet Zelensky during his trip.
US President Joe Biden had also been due to visit Rome in what was expected to be his final overseas trip in office, but canceled to focus on the federal response to wildfires raging across Los Angeles.
Scotland leader refuses to be drawn on Lockerbie bombing inquiry
- John Swinney would not speculate on backing public inquiry into 1988 attack while criminal case against suspected bomb maker underway in US
- Bombing of Pan Am Flight 103 over UK that killed 270 people blamed on Libyan intelligence officials
LONDON: Scotland’s first minister has refused to be drawn on whether he supports a public inquiry into the 1988 bombing of a passenger plane blamed on Libyan intelligence officials.
The downing of Pan Am Flight 103 over the Scottish town of Lockerbie killed 270 people and remains by far the most deadly terror attack on British soil.
Libyan intelligence officer Abdel Baset Ali Al-Megrahi was jailed in 2001 for his role in the plot to place the bomb on board the flight. Al-Megrahi, who died in 2012, always insisted he was innocent and doubts have been raised about his conviction.
A television series released last week in the UK, which tells the story of the investigation by the father of one of the victims, has renewed interest in the case, as has an upcoming court case in the US of the alleged bomb maker, the Libyan Abu Agila Masud.
A member of the Scottish Parliament, Christine Grahame, asked First Minister John Swinney on Thursday if he supported a UK inquiry into the bombing given the “remaining concerns for some, including myself, about the credibility of the conviction” of Al-Megrahi.
She also highlighted what she described as the resistance of the UK Government to releasing relevant documents in relation to the bombing, the Daily Record reported.
Swinney said that while there was a criminal case underway in the US, “I would prefer not to speculate on possible inquiries.”
Al-Megrahi is the only person to have been convicted for the attack and there has been no public inquiry in the UK.
His trial by a Scottish court sitting in the Netherlands took place more than 11 years after the bombing and followed long negotiations with the then Libyan leader Muammar Qaddafi to hand him over along with another suspect.
The recent TV series “Lockerbie: A Search for Truth” stars British actor Colin Firth as Jim Swire, whose daughter was killed on the flight as it flew from London Heathrow to New York City four days before Christmas.
Swire believes that Al-Megrahi, who died in 2012 three years after being released on compassionate grounds, was innocent.
Two-thirds of the victims of the bombing were American and 11 residents in the town of Lockerbie were killed when sections of the aircraft fell on residential areas.
Russia breaches frontline river in east Ukraine, official says
- The Oskil river is the de-facto front line in parts of the eastern Kharkiv region
- The mayor of the local hub, Kupiansk, said the situation was “extremely difficult”
KYIV: Russian forces have established a bridgehead on the Ukrainian-held side of a frontline river in the east of the country, a local official said Thursday, pointing to Kyiv’s mounting battlefield struggles.
The Oskil river is the de-facto front line in parts of the eastern Kharkiv region, with Ukrainian troops entrenched mainly on the western bank and Russian forces moving to capture the eastern side.
Kremlin forces have been launching audacious attempts to cross, and local Ukrainian official Andrii Besedin told state television Thursday they had managed to cross and establish positions.
“The enemy is trying to gain a foothold in the town of Dvorichna, which is already on the right bank of the Oskil, and expand the entire bridgehead,” he said.
Besedin, the mayor of the local hub, Kupiansk, said the situation was “extremely difficult” and warned that Russian troops could use the bridgehead to flank Ukrainian positions.
He said Russian forces were now just two kilometers (about one mile) outside of Kupiansk, which was one of the main prizes of a Ukrainian counteroffensive in late 2022.
“The enemy is constantly trying to carry out assault operations,” he said.
The advances conceded by the local official come at a precarious time for Ukrainian forces across the sprawling front, where Russian forces have been advancing at their fastest pace in around two years.
If Russia captures more territory around Kupiansk or in the wider Kharkiv area it would undo gains that Ukraine secured in a sweeping 2022 offensive that embarrassed the Kremlin.
Both sides are looking to secure a better position on the battlefield before incoming US president Donald Trump’s January 20 inauguration, almost three years after Russia invaded.
Putin says more needs to be done to clean up Black Sea oil spill
- The oil leaked from two aging tankers after they were hit by a storm on Dec. 15 in the Kerch Strait
- One sank and the other ran aground
MOSCOW: Russian President Vladimir Putin said on Thursday that more needed to be done to clean up an oil spill in the Black Sea, saying efforts so far appeared to have been insufficient to deal with the ecological disaster.
The oil leaked from two aging tankers after they were hit by a storm on Dec. 15 in the Kerch Strait. One sank and the other ran aground.
Approximately 2,400 metric tons of oil products spilled into the sea, Russian investigators said last week, in what Putin on Thursday called “one of the most serious environmental challenges we have faced in years.”
When the disaster struck, state media reported that the stricken tankers, both more than 50 years old, were carrying some 9,200 metric tons (62,000 barrels) of oil products in total.
Since the spill, thousands of emergency workers and volunteers have been working to clear tons of contaminated sand and earth on either side of the Kerch Strait. Environmental groups have reported deaths of dolphins, porpoises and sea birds.
The Kerch Strait runs between the Black Sea and the Sea of Azov and separates Crimea’s Kerch Peninsula from Russia’s Krasnodar region.
Putin told a government meeting that the clean-up efforts had been poorly coordinated between regional and federal bodies.
“From what I see and from the information I receive, I conclude that everything being done to minimize the damage is clearly not enough yet,” the Kremlin leader told officials.
He called for a commission to be formed to mitigate the disaster and prevent oil products from leaking from flooded tankers in the future.