US, UK cybersecurity agencies disclose hacking methods used by Russian spy group

Updated 02 July 2021

  • Operatives linked to Russia's spy agency GRU have tried to break into networks using Kubernetes, says NSA

WASHINGTON: US and British agencies disclosed on Thursday details of “brute force” methods they say have been used by Russian intelligence to try to break into the cloud services of hundreds of government agencies, energy companies and other organizations.
An advisory released by the US National Security Agency describes attacks by operatives linked to the GRU, the Russian military intelligence agency, which has been previously tied to major cyberattacks abroad and efforts to disrupt the 2016 and 2020 American elections.
In a statement, NSA Cybersecurity Director Rob Joyce said the campaign was “likely ongoing, on a global scale.”
Brute force attacks involve the automated spraying of sites with potential passwords until hackers gain access. The advisory urges companies to adopt methods long urged by experts as common-sense cyber hygiene, including the use of multi-factor authentication and mandating strong passwords.
Issued during a devastating wave of ransomware attacks on governments and key infrastructure, the advisory does not disclose specific targets of the campaign or its presumed purpose, saying only that hackers have targeted hundreds of organizations worldwide.
The NSA says GRU-linked operatives have tried to break into networks using Kubernetes, an open-source tool originally developed by Google to manage cloud services, from at least mid-2019 through early this year. While a “significant amount” of the attempted break-ins targeted organizations using Microsoft’s Office 365 cloud services, the hackers went after other cloud providers and email servers as well, the NSA said.
The US has long accused Russia of using and tolerating cyberattacks for espionage, spreading disinformation, and the disruption of governments and key infrastructure.
The Russian Embassy in Washington on Thursday “strictly” denied the involvement of Russian government agencies in cyberattacks on US government agencies or private companies.
In a statement posted on Facebook, the embassy said, “We hope that the American side will abandon the practice of unfounded accusations and focus on professional work with Russian experts to strengthen international information security.”
Joe Slowik, a threat analyst at the network-monitoring firm Gigamon, said the activity described by NSA on Thursday shows the GRU has further streamlined an already popular technique for breaking into networks. He said it appears to overlap with Department of Energy reporting on brute force intrusion attempts in late 2019 and early 2020 targeting the US energy and government sectors and is something the US government has apparently been aware of for some time.
Slowik said the use of Kubernetes “is certainly a bit unique, although on its own it doesn’t appear worrying.” He said the brute force method and lateral movement inside networks described by NSA are common among state-backed hackers and criminal ransomware gangs, allowing the GRU to blend in with other actors.
John Hultquist, vice president of analysis at the cybersecurity firm Mandiant, characterized the activity described in the advisory as “routine collection against policy makers, diplomats, the military, and the defense industry.”
“This is a good reminder that the GRU remains a looming threat, which is especially important given the upcoming Olympics, an event they may well attempt to disrupt,” Hultquist said in a statement.
The FBI and the Cybersecurity and Infrastructure Security Agency joined the advisory, as did the British National Cyber Security Center.
The GRU has been repeatedly linked by US officials in recent years to a series of hacking incidents. In 2018, special counsel Robert Mueller’s office charged 12 military intelligence officers with hacking Democratic emails that were then released by WikiLeaks in an effort to harm Hillary Clinton’s presidential campaign and boost Donald Trump’s bid.
More recently, the Justice Department announced charges last fall against GRU officers in cyberattacks that targeted a French presidential election, the Winter Olympics in South Korea and American businesses.
Unlike Russia’s foreign intelligence agency SVR, which is blamed for the SolarWinds hacking campaign and is careful not to be detected in its cyber ops, the GRU has carried out the most damaging cyberattacks on record, including two on Ukraine’s power grid and the 2017 NotPetya virus that caused more than $10 billion in damage globally.
GRU operatives have also been involved in the spread of disinformation related to the coronavirus pandemic, US officials have alleged. And an American intelligence assessment in March says the GRU tried to monitor people in US politics in 2019 and 2020 and staged a phishing campaign against subsidiaries of the Ukrainian energy company Burisma, likely to gather information damaging to President Joe Biden, whose son had earlier served on the board.
The Biden administration in April sanctioned Russia after linking it to election interference and the SolarWinds breach.
 


AstraZeneca to withdraw COVID vaccine globally as demand dips

Updated 08 May 2024

  • AstraZeneca says initiated worldwide withdrawal due to “surplus of available updated vaccines”
  • Drugmaker has previously admitted vaccine causes side effects such as blood clots, low blood platelet counts

AstraZeneca said on Tuesday it had initiated the worldwide withdrawal of its COVID-19 vaccine due to a “surplus of available updated vaccines” since the pandemic.

The company also said it would proceed to withdraw the vaccine Vaxzevria’s marketing authorizations within Europe.

“As multiple, variant COVID-19 vaccines have since been developed there is a surplus of available updated vaccines,” the company said, adding that this had led to a decline in demand for Vaxzevria, which is no longer being manufactured or supplied.

According to media reports, the Anglo-Swedish drugmaker has previously admitted in court documents that the vaccine causes side-effects such as blood clots and low blood platelet counts.

The firm’s application to withdraw the vaccine was made on March 5 and came into effect on May 7, according to the Telegraph, which first reported the development.

The Serum Institute of India (SII), which produced AstraZeneca’s COVID-19 vaccine under the brand name Covishield, stopped manufacturing and supplying the doses in December 2021, an SII spokesperson said.

London-listed AstraZeneca began moving into respiratory syncytial virus vaccines and obesity drugs through several deals last year after a slowdown in growth as COVID-19 medicine sales declined.


Ex-national security adviser criticizes UK PM for not suspending arms sales to Israel

Updated 08 May 2024

  • Lord Peter Ricketts: ‘Pity’ govt ‘could not have taken a stand on this and got out ahead of the US’
  • American decision to pause delivery of weapons seen as warning to Israel to abandon or temper plan to invade Rafah

LONDON: A former UK national security adviser has condemned Prime Minister Rishi Sunak for failing to suspend weapons sales to Israel, The Independent reported on Wednesday.

After the US paused a delivery of bombs, Sunak has yet to follow suit despite mounting pressure from within his own Conservative Party.

Lord Peter Ricketts, a life peer in the House of Lords and retired senior diplomat, said Britain should have been “ahead of the US” in ending arms sales to Israel.

The US decision to pause the shipment of bombs is seen as a warning to Israel to abandon or temper its plan to invade Rafah in southern Gaza.

More than 1 million Palestinian civilians are sheltering in the city after being forced out of northern sections of the enclave.

Ricketts said it is a “pity” that “the government could not have taken a stand on this and got out ahead of the US.”

Conservative MP David Jones made the same call in comments to The Independent, saying: “We should give similar consideration to a pause.”

He added: “Anyone viewing the distressing scenes in Gaza will want to see an end to the fighting. Hamas is in reality beaten. Now is the time for diplomacy to bring this dreadful conflict to an end.”

At Prime Minister’s Questions in the House of Commons, Sunak faced a flurry of questions over Britain’s potential ties to an Israeli invasion of Rafah. He said the government’s position remains “unchanged.”


Taliban deny Pakistani claims of Afghan involvement in attack on Chinese workers

Updated 08 May 2024

  • According to Islamabad, suicide attack that killed 5 Chinese in Pakistan was planned in Afghanistan
  • Afghan Defense Ministry says the March attack showed weakness of Pakistan’s security agencies

KABUL: The Taliban on Wednesday rejected allegations of Afghan involvement in a recent deadly attack on Chinese workers in neighboring Pakistan.

The five Chinese nationals, who were employed on the site of a hydropower project in Dasu in northwestern Khyber Pakhtunkhwa province bordering Afghanistan, were killed alongside their driver in a suicide blast on March 26.

Pakistan’s military said on Tuesday that the attack was planned in Afghanistan and that the suicide bomber was an Afghan citizen.

Maj. Gen. Ahmad Sharif, a spokesperson for Pakistan’s army, also told reporters that Islamabad had “solid evidence” of militants using Afghan soil to launch attacks in Pakistan, that since the beginning of the year such assaults had killed more than 60 security personnel and that authorities in Kabul were unhelpful in addressing the violence.

The Taliban’s Ministry of Defense responded on Wednesday that the claims were “irresponsible and far from the reality.

“Blaming Afghanistan for such incidents is a failed attempt to divert attention from the truth, and we strongly reject it,” Enayatullah Khwarazmi, the ministry’s spokesperson, said in a statement.

“The killing of Chinese citizens in an area of Khyber Pakhtunkhwa, which is under tight security cover of the Pakistani army, shows the weakness of the Pakistani security agencies or cooperation with the attackers.”

The Dasu attack followed two other major assaults in regions where China has invested more than $65 billion in infrastructure projects as part of its wider Belt and Road Initiative.

On March 25, a naval air base was attacked in Turbat in Pakistan’s Balochistan province, and on March 20, militants stormed a government compound in nearby Gwadar district, which is home to a Chinese-operated port.

Pakistan is home to twin insurgencies, one by militants related to the Tehreek-e-Taliban Pakistan — the Pakistani Taliban — and the other by ethnic separatists who seek secession in southwestern Balochistan province, which remains Pakistan’s poorest despite being rich in natural resources.

While the attacks in Balochistan were claimed by the Baloch Liberation Army, the most prominent of several separatist groups in the province, no group claimed responsibility for the one in Dasu.

Blaming it on Afghanistan, however, was “baseless,” according to Naseer Ahmad Nawidy, an international relations professor at Salam University in Kabul.

“The insurgency in the region has existed for very long now and cannot be attributed to a specific area or country. Pakistan looks at the Islamic Emirate in its current form as a threat to its interests. The Pakistan government needs to develop its relations with the Islamic Emirate based on equal rights and goodwill for stability in the whole region,” Nawidy told Arab News.

“Stability in the region requires mutual cooperation and trust. The governments in Afghanistan and Pakistan must end the relations crisis at the earliest. Repeating such claims will further increase the tensions and may cause enmity between the two countries.”

Abdul Saboor Mubariz, a political scientist and lecturer at Alfalah University in Jalalabad, said that Pakistan’s claims were meant to put pressure on the Taliban to help Islamabad in its campaign against the TTP.

“Pakistan’s government is using different forms of pressure such as forcible deportation of Afghan refugees, claims about security threats from Afghanistan, closing border points and creating challenges for Afghan traders,” he said, adding that accusations and claims of links to attacks were affecting the Taliban administration as it still sought recognition from foreign governments.

“The claims are critical for the Islamic Emirate as it is seeking engagement with the countries in the region and across the globe, while the government remains unrecognized by all world countries.”


India PM Modi’s party deletes X post accused of targeting Muslims

Updated 08 May 2024

  • Video featured opposition politicians scheming to abolish programs for marginalized Hindus, distribute them to Muslims
  • India’s PM Modi, expected to win polls, has made controversial remarks in election speeches, referring to Muslims as “infiltrators” 

NEW DELHI: Indian Prime Minister Narendra Modi’s party on Wednesday deleted a cartoon video posted on social media platform X that was criticized for targeting minority Muslims during an ongoing national election.

India’s election code bans campaigning based on “communal” incitement but the Hindu-nationalist Bharatiya Janata Party (BJP) has frequently invoked the country’s main religious divide on the campaign trail.

The video, posted by an official BJP account, featured caricatures of opposition politicians scheming to abolish special affirmative action programs for marginalized Hindu groups and instead distribute them to Muslims.

The election commission wrote to the platform’s Indian office on Tuesday saying the “objectionable” post violated Indian law.

On Wednesday the original post had disappeared from the platform, with a notice saying it had been deleted.

A police complaint filed by the opposition Congress party accused the video of promoting “enmity between different religions.”

Modi, who is widely expected to win a third term in office when the six-week general election concludes next month, has made similar claims to the video in campaign appearances since last month.

He has used public speeches to refer to Muslims as “infiltrators” and “those who have more children,” prompting condemnation from opposition politicians, who have complained to election authorities.

On Tuesday he again said that his political opponents would “snatch” affirmative action policies meant for disadvantaged Hindus and redirect them to Muslims.

Modi remains widely popular a decade after coming to power, in large part due to his government’s positioning of the nation’s majority faith at the center of its politics, despite India’s officially secular constitution.

That in turn has made India’s 220-million-plus Muslim population increasingly anxious about their future in the country.

The BJP last month published another contentious animated video on Instagram in which a voiceover warned that if the opposition came to power, “it will snatch all the money and wealth from non-Muslims and distribute them among Muslims, their favorite community.”

The video was removed after several users reported it for “hate speech.”


UK says to expel Russian defense attache as ‘undeclared military intelligence officer’

Updated 08 May 2024

  • Interior minister James Cleverly told parliament the UK would also remove the diplomatic status of several Russian-owned properties
  • UK is currently a staunch NATO backer of Ukraine

LONDON: The UK government on Wednesday raised tensions with the Kremlin by announcing it would expel a Russian defense attache for being “an undeclared military intelligence officer.”
Interior minister James Cleverly told parliament the UK would also remove the diplomatic status of several Russian-owned properties, including one in Sussex, southern England, and another in London “which we believe have been used for intelligence purposes.”
There would also be new restrictions on Russian diplomatic visas such as a cap on the length of time Russian diplomats can spend in the UK, he added.
The move comes with the UK concerned at an apparent increase in “malign” Russian activity on UK soil, including an arson attack on a Ukrainian-linked business allegedly orchestrated by the Kremlin.
A British man who it is claimed has links to the Wagner Group was charged in connection with that case last month.
London has previously accused Moscow of being behind the poisoning of two Russian former agents on UK soil, and of a spate of cyberattacks and disinformation campaigns.
The UK is currently a staunch NATO backer of Ukraine, providing training for troops and military equipment in the fightback against Russia.
Cleverly said the new package of measures was intended “to make clear to Russia that we will not tolerate such apparent escalations.”
He warned that Moscow would make accusations of Russophobia and spread conspiracy theories in response to his announcement.
“This is not new and the British people and the British Government will not fall for it, and will not be taken for fools by (President Vladimir) Putin’s bots, trolls and lackeys.
“Russia’s explanation was totally inadequate. Our response will be resolute and firm.
“Our message to Russia is clear: stop this illegal war, withdraw your troops from Ukraine, cease this malign activity.”