Russian military intelligence hackers are on a rampage trying to break into U.S. military and government entities—again.
In an alert issued Thursday morning, the National Security Agency warned that hackers working for Russia’s General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS)—better known among Americans as the hackers who went after the Democratic National Committee and Hillary Clinton’s campaign in 2016—are primarily pummeling targets in the U.S. and Europe.
And once again, the military intelligence hackers, also known as Fancy Bear or APT28, are going after political consultants, political parties, and think tanks, according to the intelligence community’s assessment. The hackers have also been working to break into energy companies, law firms, and media companies since 2019, the NSA said.
The agency did not specify any targets by name.
The warning comes just days before the Summer Olympic Games are set to begin in Tokyo, Japan—an event the hackers are all too familiar with. In 2020, the Department of Justice announced a federal grand jury had charged six Russian hackers for their role in targeting the 2018 Winter Olympics in South Korea, which they carried out after Russian athletes were banned from participating under their nation’s flag.
Russia’s hacking force has already begun its assault against the games, by some assessments. Microsoft announced last year that Russian state-linked hackers had begun targeting sports-related entities and anti-doping authorities in advance of the Tokyo Olympics.
John Hultquist, the Vice President of Analysis at FireEye’s Mandiant Threat Intelligence, who has been tracking the GRU hackers for years, told The Daily Beast the NSA’s alert could be a helpful signal to potential target organizations to shore up their cybersecurity plans before the Olympics.
“This is a good reminder that the GRU remains a looming threat, which is especially important given the upcoming Olympics, an event they may well attempt to disrupt,” Hultquist said.
The NSA issued the warning alongside the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and the U.K.’s National Cyber Security Centre in an attempt to warn defense contractors about the GRU’s current hacking tactics so they can thwart the hackers’ crusade.
But the Russians’ hacking techniques—namely, using brute force to break into accounts, steal data, and access user credentials—are not new, as the government agencies note in their alert. The NSA’s Cybersecurity Director, Rob Joyce, suggested the alert is meant to draw attention to tried-and-true techniques to keep the hackers out moving forward.
“Net defenders should use multi-factor authentication and the additional mitigations in the advisory to counter this activity,” Joyce said in a statement.
Hultquist cautioned that just because the Russians are going after political targets doesn’t mean there will be hack-and-leak campaigns.
“The bread and butter of this group is routine collection against policy makers, diplomats, the military, and the defense industry and these sorts of incidents don’t necessarily presage operations like hack and leak campaigns,” he said.
Hultquist also warned that the GRU is not easily deterred.
“Despite our best efforts,” Hultquist said, “we are very unlikely to ever stop Moscow from spying.”