The U.S. National Security Agency has issued a joint cybersecurity advisory (CSA) with counterparts from allied nations highlighting a Russia-backed cyberattack operation targeting government and commercial entities in the West.
According to the CSA, Russia’s General Staff Main Intelligence Directorate 85th Main Special Service Center is leading cyber espionage efforts against the defense, transportation and IT industries. There is a particular focus on groups doing business with NATO member countries, Ukraine and other international organizations. Common tactics used to infiltrate Western organizations included spearphishing for credentials and taking advantage of vulnerabilities in Outlook NTLM and WinRAR.
Known in the cybersecurity community as APT28, Fancy Bear, Forest Blizzard or BlueDelta, the Russian agency is also behind the hacking of internet-connected private cameras installed at key locations, such as military facilities, rail stations and border crossings.
The other entities that co-authored the latest CSA include the United Kingdom’s National Cyber Security Centre, the Canadian Centre for Cyber Security and the Danish Defense Intelligence Service. It is the latest CSA, following April’s advisory addressing the “fast flux” cyberthreat, which hides malicious actors by rapidly changing IP addresses.