US Election Under Cyber Threat: Notorious Russian GRU Hackers Are Targeting Government Agencies

FBI notified States, saying that threat actors are targeting US organizations, state and federal government agencies, as well as, educational institutions

Russia's GRU military intelligence agency has been mentioned in many previous reports discussing the details about several digital threats in the history of hacking it has carried out. Now, once again, as the U.S. Presidential election date is coming close, the GRU is hitting American networks including government agencies and critical infrastructure, claimed a report.

Starting from 2018 December till at least 2020 May, GRU hackers group, which is known as APT28 conducted a broad hacking campaign against the U.S. targets, revealed an FBI notification, sent to victims of the breaches in May this year.

The federal agency said the Russian hackers primarily attempted to break into victims' mail servers, Microsoft Office 365 and email accounts, as well as, VPN servers. As reported by Wired, the FBI notification, which was sent to several State authorities has revealed that the targets included many U.S. based organizations, state and federal government agencies, as well as, educational institutions. It also came under the spotlight that APT28 hackers, who are also known as Fancy Bear, have also targeted the U.S. energy sector.

GRU Hacking Spree

Donald Trump and Putin
US President Donald Trump and Russian President Vladimir Putin Wikimedia commons

The revelation about GRU hacking activities came after the U.S., Canada and the U.K. accused a well-known hacker group tied to the Russian government, known as APT29 aka Cozy Bear of using malware to breach into the security vulnerabilities and steal Coronavirus vaccine research data from biotech companies.

Earlier, the U.S. accused the GRU hackers of launching hack-and-leak operations, targeting the 2016 U.S. election and the World Anti-Doping Agency, which was confirmed by the tech giant, Microsoft in 2019. It was reported that the latter attack was apparently a retaliation by Russia after the Russian athletes were banned from participating in the 2018 Winter Olympics due to performance-enhancing drug use.

In a statement, a spokesperson from the FBI said that even though all motives were not clear, "We can make judgments based on the nature of the target as seen through past indictments." As per the FBI, the hacking activities by GRU hackers have probably continued in the recent months. The cybercriminals have gained access to networks by sending phishing emails to both personal and work email accounts. FBI claimed that the hackers have also used password-spraying attacks in which the attackers try common passwords across many accounts.

After the FBI alerted the victims in early May, the National Security Agency (NSA) of the U.S. issued a public advisory, saying that another Kremlin-backed hacking group, Sandworm, was exploiting a vulnerability in Exim mail servers to target victims. But FBI has confirmed that there is no connection between Exim exploitation and the APT28 hacking campaign.

Victims of APT28

Singapore universities cyber attack
cybersecurity (Representational picture) Pixabay

Even though it is not revealed how many victims the GRU hackers have targeted or how many attacks became successful, security company FireEye said that it has come to know that a handful of cyberattack victim organizations, which were compromised by threat actors using the same IP address listed as used by APT28 in the FBI's notification.

As per the report, a Department of Energy advisory issued in January warned that on Christmas Eve of 2019, the login pages of an unnamed U.S. energy firm were probed from an IP address that had earlier been used by the APT28 hackers. The same IP address was also found in the FBI's list of those used by the APT28 group through May.

However, the new hacking campaign by Russian hackers, targeting the U.S. organization, has triggered speculations over another election meddling incident this year. But as of now, neither FBI nor the security firm FireEye confirmed about noticing any signs, which can prove that the string of digital threats by APT28 was related to the November presidential election.

In terms of growing security threat over November election, Sung-Yoon Lee, the Kim Koo-Korea Foundation professor in Korean Studies at the Fletcher School of Law and Diplomacy at Tufts University, earlier claimed, "North Korea will be able to test how far and to what extent it can damage the U.S. election system. I fully expect North Korea to test its own capabilities to see what it can get away with by hacking into the U.S. election system," reported Fox News.

Related topics : Cybersecurity