The campaign is said to have begun in mid-2019 and to be "almost certainly" ongoing. It has mainly been directed at organizations using Microsoft Office 365 cloud services, but other service providers have also been targeted.
The attack is relatively unsophisticated: the hackers make repeated log-in attempts with different passwords to try to gain access to systems.
They are alleged to have used specialist software to scale up these efforts and have used Virtual Private Networks and Tor, an anonymizing system, to hide what they were doing.
In its September 2020 warning about the group, Microsoft said they used 1,000 constantly rotating IP addresses.
Once in, the Russian hackers are said to have stolen data, including emails, and further log-in information to allow them to burrow deeper.