London Daily

Focus on the big picture.
Saturday, Jul 26, 2025

US, Britain Warn of Russian ‘Brute Force’ Cyber Campaign

US, Britain Warn of Russian ‘Brute Force’ Cyber Campaign

The United States and Britain are sounding another alarm about Russian activity in cyberspace, accusing the Kremlin of repeatedly trying to smash its way into the critical systems of government agencies, defense contractors, universities and even political parties. 
A joint advisory Thursday from the U.S. National Security Agency (NSA) and Britain's National Cyber Security Center said Russian military intelligence, the GRU, has been carrying out a "brute force" campaign since 2019 — getting hold of credentials, such as email logins, and then repeatedly guessing passwords until the hackers can gain entry. 

"After gaining remote access, many well-known tactics, techniques, and procedures (TTPs) are combined to move laterally, evade defenses, and collect additional information within target networks," the advisory said.   

The advisory noted that Russia's GRU has successfully targeted hundreds of U.S. and foreign organizations, as well as various U.S. government agencies, such as the Department of Defense. 

The Russians "directed a significant amount of this activity at organizations using Microsoft Office 365 cloud services; however, they also targeted other service providers & on-premises email servers," according to the advisory. "These efforts are almost certainly still ongoing." 

Elements of the campaign have previously been attributed to the Russian cyber actors known as Fancy Bear, APT28 or Strontium, but the NSA said Thursday that it felt compelled to share additional information on the attacks given the size of the ongoing operations.

"While the brute force techniques are not new, the distributed, highly scalable and anonymized nature of this brute forcing infrastructure highlights a persistent and increasing threat to the community," the agency told VOA in a statement.

U.S. officials urged agencies and organizations to take basic precautions as a first step in fighting back. 

"You can counter it by using strong authentication measures," NSA Cybersecurity Director Rob Joyce tweeted Thursday. "Adding multi-factor authentication will go a long way in remediating the threat." 

The NSA said other precautions, including time-out and lock-out features, could also help slow brute-force attacks and even "render them infeasible."

The brute-force attack advisory follows a string of high-profile hacks and ransomware attacks, including the December hack of SolarWinds, a U.S.-based software management company, which exposed as many as 18,000 customers to Russian hackers, and the May 7 ransomware attack against Colonial Pipeline, the largest fuel pipeline operator in the U.S. 

U.S. intelligence agencies have said the SolarWinds hack was part of a Russian operation, although cybersecurity experts say it was carried out by Russia's foreign intelligence service and not the GRU. 

U.S. officials have blamed the GRU for targeting the Democratic National Committee during the 2016 elections and the pharmaceutical companies developing vaccines against the coronavirus. 

"This is a good reminder that the GRU remains a looming threat," John Hultquist, vice president of analysis at the cybersecurity firm Mandiant Threat Intelligence, said in a statement Thursday. 

Hultquist added that the advisory was "especially important given the coming Olympics, an event they may well attempt to disrupt." But he also warned that "despite our best efforts, we are very unlikely to ever stop Moscow from spying."    

Some U.S. lawmakers have called for mandatory reporting requirements for companies hit by major hacks, ransomware attacks and other types of breaches, saying it will help the government respond more effectively to cyber intrusions. 

The nation's new cyber director, Chris Inglis, has also warned that although too many malign actors are operating with impunity in cyberspace, many private sector companies have likewise failed to take the necessary precautions. 

"It may well be we need to step in and we need to regulate or mandate in the same way we've done that for the aviation industry or the automobile industry," Inglis told lawmakers during his confirmation hearing last month. 
Newsletter

Related Articles

0:00
0:00
Close
Deputy attorney general's second day of meeting with Ghislaine Maxwell has concluded
Controversial March in Switzerland Features Men Dressed in Nazi Uniforms
Politics is a good business: Barack Obama’s Reported Net Worth Growth, 1990–2025
Thai Civilian Death Toll Rises to 12 in Cambodian Cross-Border Attacks
TSUNAMI: Trump Just Crossed the Rubicon—And There’s No Turning Back
Over 120 Criminal Cases Dismissed in Boston Amid Public Defender Shortage
UN's Top Court Declares Environmental Protection a Legal Obligation Under International Law
"Crazy Thing": OpenAI's Sam Altman Warns Of AI Voice Fraud Crisis In Banking
The Podcaster Who Accidentally Revealed He Earns Over $10 Million a Year
Trump Announces $550 Billion Japanese Investment and New Trade Agreements with Indonesia and the Philippines
US Treasury Secretary Calls for Institutional Review of Federal Reserve Amid AI‑Driven Growth Expectations
UK Government Considers Dropping Demand for Apple Encryption Backdoor
Severe Flooding in South Korea Claims Lives Amid Ongoing Rescue Operations
Japanese Man Discovers Family Connection Through DNA Testing After Decades of Separation
Russia Signals Openness to Ukraine Peace Talks Amid Escalating Drone Warfare
Switzerland Implements Ban on Mammography Screening
Japanese Prime Minister Vows to Stay After Coalition Loses Upper House Majority
Pogacar Extends Dominance with Stage Fifteen Triumph at Tour de France
CEO Resigns Amid Controversy Over Relationship with HR Executive
Man Dies After Being Pulled Into MRI Machine Due to Metal Chain in New York Clinic
NVIDIA Achieves $4 Trillion Valuation Amid AI Demand
US Revokes Visas of Brazilian Corrupted Judges Amid Fake Bolsonaro Investigation
U.S. Congress Approves Rescissions Act Cutting Federal Funding for NPR and PBS
North Korea Restricts Foreign Tourist Access to New Seaside Resort
Brazil's Supreme Court Imposes Radical Restrictions on Former President Bolsonaro
Centrist Criticism of von der Leyen Resurfaces as she Survives EU Confidence Vote
Judge Criticizes DOJ Over Secrecy in Dropping Charges Against Gang Leader
Apple Closes $16.5 Billion Tax Dispute With Ireland
Von der Leyen Faces Setback Over €2 Trillion EU Budget Proposal
UK and Germany Collaborate on Global Military Equipment Sales
Trump Plans Over 10% Tariffs on African and Caribbean Nations
Flying Taxi CEO Reclaims Billionaire Status After Stock Surge
Epstein Files Deepen Republican Party Divide
Zuckerberg Faces $8 Billion Privacy Lawsuit From Meta Shareholders
FIFA Pressured to Rethink World Cup Calendar Due to Climate Change
SpaceX Nears $400 Billion Valuation With New Share Sale
Microsoft, US Lab to Use AI for Faster Nuclear Plant Licensing
Trump Walks Back Talk of Firing Fed Chair Jerome Powell
Zelensky Reshuffles Cabinet to Win Support at Home and in Washington
"Can You Hit Moscow?" Trump Asked Zelensky To Make Putin "Feel The Pain"
Irish Tech Worker Detained 100 days by US Authorities for Overstaying Visa
Dimon Warns on Fed Independence as Trump Administration Eyes Powell’s Succession
Church of England Removes 1991 Sexuality Guidelines from Clergy Selection
Superman Franchise Achieves Success with Latest Release
Hungary's Viktor Orban Rejects Agreements on Illegal Migration
Jeff Bezos Considers Purchasing Condé Nast as a Wedding Gift
Ghislaine Maxwell Says She’s Ready to Testify Before Congress on Epstein’s Criminal Empire
Bal des Pompiers: A Celebration of Community and Firefighter Culture in France
FBI Chief Kash Patel Denies Resignation Speculations Amid Epstein List Controversy
Air India Pilot’s Mental Health Records Under Scrutiny
×