Russian Military Hackers Have Been On a Password Guessing Spree

According to U.S. officials and U.K. security agency personnel, a select group of hackers linked to Russian military intelligence has been using brute force attacks against hundreds of organizations around the globe.

According to a joint advisory published Thursday, Unit 26165, also known as Fancy Bear, has been conducting widespread brute force access attacks against hundreds of government and private sector targets.

According to the advisory, the attacks started in mid-2019 and continued into early 2021. It adds that these efforts are almost certain to be ongoing.

Brute force attacks are a popular form of cyberattack. They involve rapid password guessing to gain access to online accounts. Hackers can deploy automated software that can attempt millions of guesses per second.

According to the advisory, the hackers combine brute force tactics with known vulnerabilities to gain access to organizations and push further into their networks.

Unit 26165/Fancy Bear is a unit of Russia's General Staff Main Intelligence Directorate. It has been associated with a variety of high-profile cyberattacks. The same group is suspected to be responsible for attacks on the Democratic National Committee and the Hillary Clinton campaign in 2016. It is well known for targeting Western military and political organizations.

This news comes two weeks after President Biden's first meeting with Vladimir Putin, which was supposedly positive and productive.

The advisory recommends that network managers adopt and expand their use of multi-factor authentication to counter this capability. Other mitigations include lock-out and time-out mechanisms, mandatory use of strong passwords, and implementation of a Zero Trust security model that uses additional attributes to determine access. Analytics can also be used to detect anomalous accesses.