COPENHAGEN, Denmark, July 25, 2024 /PRNewswire/ -- An investigation by Heimdal, a leading cybersecurity company, reveals that the EU is facing a surge in brute-force cyber attacks on corporate and institutional networks, primarily originating from Russia. These attackers exploit Microsoft infrastructure, particularly in Belgium and the Netherlands, to avoid detection.
The investigation into the Russian brute-force campaign has revealed several critical insights:
- Attackers are aiming for High-Value Targets (HVTs)
- Key infrastructure cities like Edinburgh and Dublin have been frequently targeted
- Over half of the attack IP addresses are linked to Moscow, targeting major cities in the UK, Denmark, Hungary, and Lithuania
- The rest of the investigated attack IPs can be traced back to Amsterdam and Brussels
- Major ISPs like Telefonica LLC and IPX-FZCO were significantly abused
- Heimdal's data shows these attacks date back to May 2024 but may have been happening even longer.
Read the full report here: heimdalsecurity.com/blog/russia-brute-force-attacks-europe/
Prevalent Infiltration and Attack Techniques
The attackers primarily target administrative accounts using various case combinations and language variants. Over 60% of attack IPs are new, with approximately 65% recently compromised and the rest previously abused, revealing a constantly evolving threat.
The threat actors employ known attack principles such as SMBv1 crawlers, RDP crawlers, and RDP alternative-port crawlers, exploiting weak or default credentials through password guessing, spraying, and stuffing.
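The patterns this section names (guessing versus spraying, administrator-account case and language variants, RDP on alternate ports) can be pulled out of ordinary failed-logon telemetry. The following is an added example, not Heimdal's code; the record layout, the administrator spellings, the thresholds and the sample records are all assumptions constructed for illustration.

```python
"""Classify failed logons into the patterns the report names: guessing vs.
spraying, admin-account case/language variants, RDP on alternate ports."""
from collections import defaultdict

# Administrator spellings from common Windows language packs, folded to one
# canonical name so case and language variants count as a single target.
ADMIN_VARIANTS = {"administrator", "administrateur", "administrador",
                  "администратор", "admin"}
RDP_STANDARD_PORT = 3389

def canonical_account(name):
    """Case-fold the account and collapse known administrator variants."""
    folded = name.casefold()
    return "administrator" if folded in ADMIN_VARIANTS else folded

def classify_sources(records, min_attempts=5, spray_accounts=3):
    """Group failed logons (source_ip, account, protocol, dest_port) by source
    and describe each source that reaches min_attempts failures."""
    by_src = defaultdict(list)
    for src, account, proto, port in records:
        by_src[src].append((canonical_account(account), proto, port))
    findings = {}
    for src, events in by_src.items():
        if len(events) < min_attempts:
            continue  # a couple of failures is a forgotten password, not an attack
        accounts = {a for a, _, _ in events}
        # Spraying walks many accounts with few passwords each; guessing
        # hammers one account (or its spelling variants) with many passwords.
        pattern = "spraying" if len(accounts) >= spray_accounts else "guessing"
        findings[src] = {
            "attempts": len(events),
            "accounts": sorted(accounts),
            "pattern": pattern,
            "admin_targeted": "administrator" in accounts,
            # RDP failures arriving on a non-standard listener point at the
            # "RDP alternative port crawlers" the report describes.
            "rdp_alt_ports": sorted({p for _, pr, p in events
                                     if pr == "rdp" and p != RDP_STANDARD_PORT}),
        }
    return findings

# Constructed sample records (not real telemetry), one tuple per failed logon.
CONSTRUCTED_FAILED_LOGONS = (
    [("203.0.113.5", n, "rdp", 3389) for n in
     ("Administrator", "ADMINISTRATOR", "Administrateur", "Administrador", "admin")]
    + [("198.51.100.9", "j.smith", "rdp", 3390)] * 5
    + [("198.51.100.20", n, "rdp", 3389) for n in
       ("a.nowak", "b.kowalski", "c.novak", "d.horvath", "e.berg")]
    + [("192.0.2.77", "m.jones", "smb", 445)] * 2
)
```

Credential stuffing is indistinguishable from spraying in failure counts alone, since both spread attempts across accounts; separating them needs the password material or breach-list correlation that this telemetry does not carry.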
Additionally, their use of legitimate Microsoft infrastructure broadens the attack surface and complicates detection and response. Data shows that attackers have actively exploited Microsoft infrastructure from the Netherlands and Belgium to increase their attack range and success odds.
Russia Leveraging State-Owned Networks to Propagate Attack
Major ISPs like Telefonica LLC and IPX-FZCO are significantly abused, with the former accounting for 27.7% of attacks from Russia. The attackers also leveraged resources from Russian allies, including Indian telecom companies Bharat Sanchar Nigam Limited and Bharti Airtel Limited, both of which have faced recent data breaches.
Scope of Brute-Force Campaign
Russia's motivation behind these cyberattacks is multifaceted. The reasons for these actions likely include aims to destabilize and disrupt critical infrastructure in Europe, extract sensitive data, gain financial advantage to fuel ongoing cyber-war efforts, or deploy malware. The threat actors' mandates can span multiple types of subversive cyber-warfare operations, including seek-and-destroy, disruption of critical assets, and sabotage.
A Wake-Up Call for the European Union
This persistent threat underscores the need for cybersecurity measures within EU countries, including strengthening cloud security, enforcing multi-factor authentication, conducting regular security audits, and educating employees.
Morten Kjaersgaard, Founder of Heimdal, said:
"This data shows that an entity in Russia is waging a hybrid war on Europe, and may have even infiltrated it. The threat actors are aiming to extract as much data or financial means as possible, leveraging Microsoft infrastructure to do so. Whoever is responsible, whether it's the state or another nefarious group, they have no shame in using Russia's allies to commit these crimes. The exploitation of Indian infrastructure is a strong example. The data also proves these attackers have strong ties with China."
Paul Vixie, Co-Founder of SIE Europe, added:
"The data that Heimdal has uncovered is explosively evil, and SIE Europe data clearly shows how well built these Russian wasp nests are, and they show no signs of stopping. SIE Europe does not ever traffic in Personally Identifiable Information, and this case shows the investigative power of public information once cooperatively assembled."
Read the full investigation here: Russia-Linked Brute-Force Campaign Targets EU via Microsoft Infrastructure (heimdalsecurity.com).
For further press information:
Maria Madalina Popovici
Media Relations Manager
Email: mpo@heimdalsecurity.com
About Heimdal
Established in Copenhagen in 2014, Heimdal empowers CISOs, security teams, and IT administrators to improve their security operations, reduce alert fatigue, and implement proactive measures through a unified command and control platform. Heimdal®'s award-winning cybersecurity solutions span the entire IT estate, addressing challenges from endpoint to network levels, including vulnerability management, privileged access, Zero Trust implementation, and ransomware prevention.
About SIE Europe
SIE Europe enables European-based organizations to contribute and share passive DNS data to advance cyber investigations and significantly reduce risk from phishing, ransomware, e-crime and other cyberattacks. SIE Europe is co-founded by Internet luminaries Dr. Paul Vixie, Chairman, Co-Founder and CEO of Farsight Security, Inc.; Christoph Fischer, Founder and CEO of BFK edv-consulting GmbH; and Peter Kruse, Co-founder, CSIS Security Group A/S.
The following files are available for download:
- Report (PDF): https://mb.cision.com/Main/22623/4018330/2925877.pdf (Heimdal Links Russia-Based Threat Actors to Brute Force Attacks on the EU)
- Image: https://mb.cision.com/Public/22623/4018330/87d4180148270100_org.jpg (Heimdal ties Russia-based actors to brute force attacks on the EU)
- Map: https://mb.cision.com/Public/22623/4018330/8df29c971c3a7080_org.jpg (the primary origin of the attack)
View original content: https://www.prnewswire.co.uk/news-releases/heimdal-security-presents-its-latest-report-on-brute-force-cyber-attacks-302206435.html