Mainly been directed at organizations using Microsoft Office 365 cloud services and also targeting other service providers, the cyber campaign is said to have begun in mid-2019 and to be “almost certainly” ongoing
Russian military hackers have been accused by the US and UK intelligence of being behind an ongoing cyber campaign to steal emails and other information, including from parliaments.
The cyber campaign is primarily focused on the United States and Europe.
Including UK political parties, there are said to be hundreds of targets around the world.
During the US 2016 presidential election, the same group allegedly stole and leaked Democrat emails.
The US says the group belongs to the 85th Main Special Service Center of the GRU, which is sometimes called Fancy Bear, APT28 or Strontium.
In the summer of 2020, Norwegian parliament was one of the recent targets.
Microsoft has previously said the same cyber campaign targeted US and UK organizations directly involved in political elections, including UK political parties.
Mainly been directed at organizations using Microsoft Office 365 cloud services and also targeting other service providers, the cyber campaign is said to have begun in mid-2019 and to be “almost certainly” ongoing.
The National Security Agency (NSA), the Cyber security and Infrastructure Security Agency, the Federal Bureau of Investigation and the UK’s National Cyber Security Centre have released a joint advisory accusing Unit 26165 of Russia’s GRU of being behind what they call a global campaign “to compromise enterprise and cloud environments”.
“This lengthy brute force campaign to collect and ex-filtrate data, access credentials and more, is likely to be ongoing, on a global scale”, said Rob Joyce, the NSA’s director of cyber security.