A new report by cybersecurity firm Heimdal has shown a huge increase in brute force attacks against corporate and institutional networks across Europe, with the majority of attacks originating in Russia.
Brute force attacks are used to gain access to accounts and systems through trial and error, guessing weak passwords.
Russian threat actors have been abusing this technique to exploit Microsoft infrastructure in an effort to avoid detection. The attacks have been occurring since May 2024, but may have started earlier.
Cities, businesses and infrastructure under attack
More than half of the attacks originate from IP addresses in Moscow, which are then used to target major cities in several European countries, including the UK, Lithuania, Denmark and Hungary.
Worryingly, the remainder of the attacking IP addresses originate in Amsterdam and Brussels, with the threat actors taking advantage of major Internet Service Providers such as Telefónica LLC and IPX-FZCO. Heimdal’s research shows that the attackers are actively exploiting Microsoft infrastructure in the Netherlands and Belgium as a means to increase their reach and attack success in Europe.
More than 60% of the IP addresses used to launch attacks are new, of which around 65% have been recently compromised and the rest have been previously used by attackers. Threat actors have been observed abusing SMBv1 sniffers, RDP sniffers, and RDP alternate port sniffers to crack weak or default credentials.
Some of the motivations behind the attacks include exfiltration of sensitive data, disruption of services, deployment of malware, and financial gain. Much of the work performed by threat actors includes search and destroy, disruption of critical assets, and sabotage.
“This data shows that an entity in Russia is waging a hybrid war against Europe, and may have even infiltrated it. The threat actors aim to extract as much data or financial resources as possible, leveraging Microsoft’s infrastructure to do so,” said Heimdal founder Morten Kjaersgaard.
“Whoever is responsible, be it the state or another nefarious group, has no shame in using Russia’s allies to commit these crimes. The exploitation of Indian infrastructure is a clear example. The data also shows that these attackers have strong ties to China,” Kjaersgaard concluded.