Foreign hacking groups carried out a large-scale hacking campaign against private and public agencies in the U.S. from December 2018 through May of 2020, according to an FBI warning. Foreign groups vary geographically, but US. Intelligence is focused on Russia’s GRU Military Intelligence Agency. The GRU hacker group known as APT28 or Fancy Bear reportedly carried out the operation.
The GRU hackers mostly tried to break into mail servers, Microsoft Office 365 and email accounts, and Virtual Private Network servers. The targets included “a wide range of US-based organizations, state and federal government agencies, and educational institutions,” according to the FBI notification. The notice also revealed that the U.S. energy sector was targeted by APT28 hackers.
Targeting the energy sector is not altogether new for GRU, whose hacker group, Sandworm, planted malware in energy utility networks in 2014 before carrying out the first cyber-attack-induced blackouts in the Ukraine in 2015 and 2016. But it represents a shift for APT28, most known for their hacking and leaking of emails from the campaign director for 2016 U.S. Presidential candidate, Hillary Clinton.
Distributed Denial of Service attacks (web traffic floods servers resulting in an overall system overload and crash) continued to spike this summer, according to data shared by NetScout, a security and business analytics services provider, which measured the attacks’ frequency, volume, and speed. The FBI told the publication Wired that the GRU campaign has likely persisted in recent months, as the threat was labeled in the notification as an “Advanced Persistent Threat.”
The hacking spree is particularly concerning because of the GRU’s history of these kinds of cyber-attacks. APT28 hackers were the subject of U.S. indictments that alleged hack-and-leak operations targeting both the 2016 election and the Worldwide Anti-Doping Agency.