Brute Force attack launched by Russia APT28 using Kubernetes


Kubernetes is usually seen automating the deployment of containerized applications. But a new discovery by the National Security Agency (NSA) of the United States has revealed that the Russian hacking group APT28 is launching brute force cyber attacks using Kubernetes to ensure anonymity.

APT28, also known as Fancy Bear or Strontium, is a hacking group funded by Russian military intelligence. It has been found hacking databases through brute force or password spray attacks routed via TOR and VPN servers. It then accesses the entire network through stolen credentials, sometimes exploiting vulnerabilities in the targeted systems.

What’s sensational about these attacks is that the cyber criminals involved are seen gradually moving deeper into the targeted network and stealing classified information from Microsoft 365 mailboxes, to later indulge in double extortion or sell it on the dark web.

NSA states that APT28 has been involved in this hacking campaign since 2019 and has so far targeted many US and UK organizations, including those in the manufacturing, energy, defense, logistics, media, law, education, military and political sectors.

Thus, in a joint statement released by the Department of Defense, National Security Systems and the Defense Industrial Base of the United States, companies are urged to review the indicators of compromise and take the necessary measures to mitigate risks.

Security analysts from the National Security Agency are advising system administrators to use multi-factor authentication, enable time-out and lock-out features in password authentication, and conduct network segmentation to weed out any cyber threats lurking in the corporate network.
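Because the attempts described above arrive through TOR and VPN servers, counting failures per source address misses them. The sketch below is an added example, not code from the NSA advisory or from this article: it flags a password spray by counting distinct accounts with failed logins in a time window and applies a per-account lock-out, with the log format, thresholds and function names all assumed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "ISO-time user source-ip result". Addresses come
# from documentation ranges (RFC 5737); none of this is real data.
SAMPLE_LOG = """\
2021-07-01T09:00:00 alice 192.0.2.10 FAIL
2021-07-01T09:00:40 bob 198.51.100.7 FAIL
2021-07-01T09:01:15 carol 203.0.113.5 FAIL
2021-07-01T09:02:05 dave 192.0.2.44 FAIL
2021-07-01T09:02:50 erin 198.51.100.91 FAIL
2021-07-01T09:03:10 alice 203.0.113.77 FAIL
2021-07-01T09:03:30 alice 192.0.2.200 FAIL
2021-07-01T13:00:00 frank 192.0.2.10 FAIL
2021-07-01T13:00:20 frank 192.0.2.10 OK
"""

def parse(log):
    """Yield (time, user, source, ok) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, user, src, result = line.split()
            yield datetime.fromisoformat(ts), user, src, result == "OK"

def analyze(log, window=timedelta(minutes=10), spray_accounts=5, lockout_after=3):
    """Return (spray_alerts, locked_accounts); nothing is keyed on source IP."""
    recent = deque()                 # every failure inside the window
    per_user = defaultdict(deque)    # failure times per account
    alerts, locked, alerting = [], set(), False
    for ts, user, src, ok in parse(log):
        if ok:
            continue
        recent.append((ts, user, src))
        while ts - recent[0][0] > window:
            recent.popleft()
        users = {u for _, u, _ in recent}
        if len(users) >= spray_accounts and not alerting:
            # Alert once when the threshold is first crossed.
            alerts.append((ts, sorted(users), len({s for _, _, s in recent})))
        alerting = len(users) >= spray_accounts
        fails = per_user[user]
        fails.append(ts)
        while ts - fails[0] > window:
            fails.popleft()
        if len(fails) >= lockout_after:
            locked.add(user)         # lock-out applies whatever the source
    return alerts, locked
```

In the constructed log no single address fails more than once during the spray, so a per-source limit would stay silent while the account-based count raises one alert and locks one account.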

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
