Russian Military Hackers Have Been on a Worldwide Password Guessing Spree

According to U.S. and U.K. government officials, the Russian cyber spies of Unit 26165 have been using brute force attacks to target hundreds of organizations.

We may earn a commission from links on this page.
Image for article titled Russian Military Hackers Have Been on a Worldwide Password Guessing Spree
Photo: OZAN KOSE / AFP (Getty Images)

An elite team of hackers connected to Russian military intelligence have been using brute force attacks to target hundreds of organizations throughout the world, according to officials with U.S. and U.K. security agencies.

A joint advisory published Thursday says that the military unit 26165, also known by its moniker “Fancy Bear,” has been conducting “widespread, distributed, and anonymized brute force access attempts against hundreds of government and private sector targets.” Those targets have apparently included a wide array of military organizations, defense contractors, energy companies, political parties and consultants, media companies and more.

The attacks seem to have started sometime around mid-2019 and have continued through early 2021, the advisory states. “These efforts are almost certainly still ongoing,” it adds.


Brute force attacks are a common form of cyberattack that involves rapid-fire password guessing as a method to gain entry into online accounts. Hackers will deploy automated software that can fly through millions of possible matches per second.

The hackers are combining the brute force campaign with known vulnerabilities in an effort to gain access to organizations and push further into networks, the advisory states.


Unit 26165/Fancy Bear, which operates out of the Russian General Staff Main Intelligence Directorate (GRU), has been linked to a number of other high-profile cyberattacks in the past. The same group is believed to have been responsible for the attacks on the Democratic National Committee and the Hillary Clinton campaign in 2016, and is commonly known to go after Western political and military targets.

The news of the campaign comes about two weeks after President Biden had his first meeting with Russian leader Vladimir Putin—a meeting that allegedly was “good” and “positive.” Apparently not positive enough for the two countries to call a cyber-truce between their military services, however.


“Network managers should adopt and expand usage of multi-factor authentication to help counter the effectiveness of this capability,” the advisory warns. “Additional mitigations to ensure strong access controls include time-out and lock-out features, the mandatory use of strong passwords, implementation of a Zero Trust security model that uses additional attributes when determining access, and analytics to detect anomalous accesses.”