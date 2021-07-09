The U.S. government agencies put out a warning that Russian military has been using a Kubernetes cluster to attempt distributed and anonymized brute force access against hundreds of government and private sector targets worldwide. Department of Homeland Security (DHS)’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the National Cyber Security Center jointly issued the warning. The agencies said the attacks started at least in mid-2019 through early 2021 and have been called Fancy Bear, APT28, and Strontium. Specifically named in the warning is Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165. The GTsSS most often used Microsoft Office 365 cloud service to gain access although other service providers and on-prem email servers were attacked. One way to protect against the attacks is to use two-factor authentication.
