The same Russian intelligence unit that leaked Democrats' files in 2016 is engaged in an ongoing email hacking campaign, the National Security Agency announced Thursday.
Hackers in Russia's GRU, its military intelligence agency, regularly target email accounts, as is common for many with robust cyber capabilities. But this is the first time that the NSA has issued a direct public alert that named the agency and warned of an ongoing hacking campaign.
It wasn't immediately clear if the advisory was merely a byproduct of the NSA's stated desire to be a better adviser to the public on cybersecurity issues, or if it had a particular strategic aim. The agency launched its Cybersecurity Directorate in October with the intent of being a more open cybersecurity ally. In January, it said that it had alerted Microsoft to a critical Windows vulnerability rather than exploiting the flaw for its own purposes, the first time it made such an announcement.
The alert describes how the GRU is targeting a vulnerability in unpatched Unix systems, an alternative to the operating systems of Microsoft and Apple. It does not specify who it has seen targeted.
It does specify that the campaign is the work of GRU's Unit 74455, which has been tied to some of the most infamous cyberattacks in history. The U.S. Justice Department has accused Unit 74455 of creating the Guccifer 2.0 and DCLeaks personas, which then leaked stolen Democratic emails and files as part of its 2016 election interference campaign.
“They are probably Russia’s most brazen and successful cyberattack organization,” said John Hultquist, the director of threat intelligence at FireEye, which tracks the group.
The U.K. has named 74455 as the creators of NotPetya, the ransomware worm that grew wildly out of control and spread around the world in 2017, causing billions of dollars in damage and prompting international outcry.
In February, the State Department accused Unit 74455 of running a multitiered harassment campaign against the nation of Georgia.