US, UK agencies say Russia is abusing Kubernetes to launch massive cyberattacks

GRUsome cyberattacks

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Russian military intelligence has been abusingcloudinfrastructure to launch attacks against hundreds of targets worldwide, saycybersecurityagencies from the US and UK.

An advisoryreleased by a number of agencies, including the FBI and UK National Cybersecurity Centre (NCSC), claims the Russian General Staff Main Intelligence Directorate (GRU) is conducting brute-force password attacks against both private and public sector organizations.

Previously, these attacks had been blamed on threat actors such as Fancy Bear, APT28, Strontium and others, but the security agencies now believe they are directed by a GRU unit known as GTsSS.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

Click here to start the survey in a new window«

“The GTsSS directed a significant amount of this activity at organizations usingMicrosoft Office 365cloud services; however, they also targeted other service providers and on-premisesemailservers using a variety of different protocols,” the joint advisory explains.

Ongoing campaign

In their breakdown of the attacks, the agencies say GTsSS employs aKubernetescluster to break into private networks in order to access protected data, including email, and identify valid account credentials.

Commenting on the modus operandi, the advisory says the attackers target victims by using a combination of compromised account credentials and publicly known vulnerabilities, such as the ones recently discovered inMicrosoft Exchange servers.

Furthermore, to obfuscate their origin, the attackers route their brute force authentication attempts through Tor andVPNservices.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The joint statement comes not long after ameeting in Genevabetween US President Joe Biden and his Russian counterpart Vladimir Putin. But the agencies believe the attacks “are almost certainly still ongoing.”

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Is it still worth using Proton VPN Free?

Mozambique VPN usage soars as internet restrictions continue

Your doctor may have an AI assistant taking notes during your next Zoom call