Russian hackers using VPNs to target companies, governments


Russian spies accused of interfering in the 2016 U.S. presidential election have spent much of the past two years abusing virtual private networks (VPNs) to target hundreds of organizations worldwide, U.S. and British authorities said in early July.

The governments said in a joint advisory that Unit 26165, the arm of Russia’s military spy agency whose officers were indicted for breaking into Democratic Party emails, had been using VPNs and Tor — a privacy-focused network — to conduct “widespread, distributed and anonymized brute-force access attempts against hundreds of government and private sector targets.”

The advisory did not identify any of the targets, saying only that they were mainly in the United States and Europe and included government offices, political parties, energy companies, law firms and media organizations.

Unit 26165 first came into the public eye in mid-2018, when a dozen members were indicted during special counsel Robert Mueller’s investigation into Russian interference in the 2016 U.S. presidential election. More members of the unit were indicted later that year for allegedly hacking international anti-doping officials.

The unit has regularly made the news since. U.S. officials called it out in 2020 for using malicious software to break into Linux systems.

The joint advisory was released by the U.S. National Security Agency, the Department of Homeland Security’s cyber arm, the Federal Bureau of Investigation and the British National Cyber Security Centre. Intelligence agencies in the United States and Britain have been increasingly vocal about calling out foreign hacking, especially when it originates from Russia or China.