Russia's GRU Hackers Hit US Government and Energy Targets

Russia's GRU military intelligence agency has carried out many of the most aggressive acts of hacking in history: Destructive worms, blackouts, and—closest to home for Americans—a broad hacking-and-leaking operation designed to influence the outcome of the 2016 US presidential election. Now it appears the GRU has been hitting US networks again, in a series of previously unreported intrusions that targeted organizations ranging from government agencies to critical infrastructure.


From December 2018 until at least May of this year, the GRU hacker group known as APT28 or Fancy Bear carried out a broad hacking campaign against US targets, according to an FBI notification sent to victims of the breaches in May and obtained by WIRED. According to the FBI, the GRU hackers primarily attempted to break into victims’ mail servers, Microsoft Office 365 and email accounts, and VPN servers. The targets included "a wide range of US based organizations, state and federal government agencies, and educational institutions," the FBI notification states. And technical breadcrumbs included in that notice reveal that APT28 hackers have targeted the US energy sector, too, apparently as part of the same effort.


The revelation of a potentially ongoing US-targeted GRU hacking spree is especially troubling in light of the GRU's past operations, which have often gone beyond mere espionage to include embarrassing email leaks or even disruptive cyberattacks. APT28 hackers in particular have been the subject of US indictments alleging hack-and-leak operations targeting both the 2016 US election and the