By Raphael Satter
WASHINGTON (Reuters) – Russian spies accused of interfering in the 2016 U.S. presidential election have spent much of the past two years abusing virtual private networks (VPNs) to target hundreds of organizations worldwide, U.S. and British authorities said on Thursday.
The governments said in a joint advisory that Unit 26165, the arm of Russia’s military spy agency whose officers were indicted for allegedly breaking into Democratic Party emails, had been using VPNs and Tor – a privacy-focused network – to conduct “widespread, distributed, and anonymized brute force access attempts against hundreds of government and private sector targets.”
The advisory did not identify any of the targets by name, saying only that they were mainly in the United States and Europe and included government offices, political parties, energy companies, law firms and media organizations.
The Russian Embassy in Washington did not immediately return a message seeking comment. Russian officials routinely reject allegations that they employ hackers to spy on rival nations.
Unit 26165 first came into the public eye in mid-2018, when a dozen members were indicted during special counsel Robert Mueller’s investigation into Russian interference in the election that brought former president Donald Trump to power. More members of the unit were indicted later that year for allegedly hacking international anti-doping officials.
The unit has regularly made the news since. Last year it was called out by U.S. officials for allegedly using malicious software to break into Linux systems.
Thursday’s joint advisory was released by the U.S. National Security Agency, the Department of Homeland Security’s cyber arm, the Federal Bureau of Investigation and the British National Cyber Security Centre.
Spy agencies in the United States and Britain have been increasingly vocal about calling out foreign hacking, especially when it allegedly originates from Russia or China.
(Reporting by Raphael Satter; Editing by Steve Orlofsky)
