{"id":35315,"date":"2020-06-01T17:35:00","date_gmt":"2020-06-01T17:35:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/d\/d-id\/1337962"},"modified":"2020-06-01T17:35:00","modified_gmt":"2020-06-01T17:35:00","slug":"rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/","title":{"rendered":"Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them"},"content":{"rendered":"<header>\n<\/header>\n<p><span class=\"strong black\">The Sandworm group &#8212; behind disinformation and election-hacking campaigns and responsible for a 2016 power outage in the Ukraine &#8212; is now targeting e-mail servers.<\/span> <\/p>\n<p class=\"p1\">A rare advisory from the US National Security Agency (NSA), warning of attacks by Russian military intelligence on vulnerable e-mail servers, is not likely to dissuade the nation-state cyber-espionage group from attacking targets of interest, cybersecurity experts say.<\/p>\n<p class=\"p1\">On Thursday, <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/nsa-warns-russias-sandworm-group-is-targeting-email-servers\/d\/d-id\/1337936\" target=\"_blank\" rel=\"noopener noreferrer\">the NSA told organizations<\/a> that a remotely exploitable vulnerability in the EXIM mail transfer agent, which comes installed by default on some versions of Linux, is being targeted by &#8220;Russian cyber actors from the GRU Main Center for Special Technologies (GTsST), field post number 74455&#8221; \u2014 otherwise known as the Sandworm group. The Sandworm group is one of two main cyber operations groups for Russian military intelligence.<\/p>\n<p class=\"p1\">But aside from convincing targeted organizations to take the appropriate actions to protect their systems, the advisory will likely not blunt the attacks, says Greg Lesnewich, a threat intelligence researcher at Recorded Future.<\/p>\n<p class=\"p1\">&#8220;We have tried naming and shaming of the individual operators and the unit \u2014 obviously sanctions have been tried,&#8221; he says. &#8220;I think that Russian intelligence agencies have a high risk tolerance and feel pretty emboldened to do what they are doing, so I&#8217;m not entirely sure what we could potentially do to deter them from conducting these activities.&#8221;<\/p>\n<p class=\"p1\">The&nbsp;<a href=\"https:\/\/www.us-cert.gov\/ncas\/current-activity\/2020\/05\/28\/nsa-releases-advisory-sandworm-actors-exploiting-exim\" target=\"_blank\" rel=\"noopener noreferrer\">warning<\/a>&nbsp;does not bode well for the latest US election cycle. With politics already polarized and disinformation regularly being used by political parties and foreign rivals, the revelation that Russian intelligence has likely gained access to some government organizations&#8217; and businesses&#8217; e-mail servers is troubling.&nbsp;<\/p>\n<p class=\"p2\">In addition, the fact that a US intelligence agency is raising a flag should lend credence to the information and may spur action, Lesnewich says.<\/p>\n<p class=\"p2\">&#8220;Predominantly, it is to help American \u2014 and potentially some UK, Australian, and Canadian \u2014 businesses and entities to patch these servers to prevent incidents from happening,&#8221; he says. &#8220;In addition, by naming the GRU unit associated with the activity, they are putting resources and a warning out to help the public. We are in an election year, and this GRU activity has been implicated in election meddling both in the US and abroad.&#8221;<\/p>\n<p class=\"p2\"><strong>Attack Record<\/strong><br \/>For at least 15 years, the Sandworm group \u2014 also known as Iridium, Electrum,&nbsp;<a href=\"https:\/\/www.crowdstrike.com\/blog\/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear\/\" target=\"_blank\" rel=\"noopener noreferrer\">BlackEnergy, and Voodoo Bear<\/a>&nbsp;\u2014 has compromised a variety of political targets, sown disinformation, and collected intelligence on Russia&#8217;s rivals and interests. It has twice caused power outages in Ukraine and targeted the 2018 Winter Olympics with the Olympic Destroyer attack. The group has also started focusing on deploying Android malware to target South Korean and Ukrainian targets by creating knock-off applications that resembled other applications \u2013 in one case compromising a developer account,&nbsp;<a href=\"https:\/\/www.blog.google\/technology\/safety-security\/threat-analysis-group\/protecting-users-government-backed-hacking-and-disinformation\/\" target=\"_blank\" rel=\"noopener noreferrer\">according to Google&#8217;s Threat Analysis Group<\/a>.<\/p>\n<p class=\"p2\">The Russian government agency behind the attacks, known as the Main Directorate of the General Staff of the Armed Forces (GRU), is one of the most well-known state actors on the Internet, global consulting firm Booz Allen Hamilton stated in an <a href=\"https:\/\/www.boozallen.com\/c\/insight\/blog\/russian-military-cyber-operations-in-context.html\" target=\"_blank\" rel=\"noopener noreferrer\">in-depth analysis of Sandworm attacks<\/a> published in March 2020.<\/p>\n<p class=\"p2\">&#8220;The GRU is not the only Russian government agency that conducts cyber operations, but it is Russia&#8217;s most thoroughly documented and consistently publicly implicated cyber operations organization,&#8221; according to the&nbsp;84-page analysis. &#8220;In recent years, the United States, its allies, and its partners have repeatedly, explicitly, and unequivocally attributed numerous cyber events, cover personas, and security industry group names to the GRU.&#8221;<\/p>\n<p class=\"p2\">The EXIM vulnerability (CVE-2019-10149) is trivial to exploit and only requires a specially crafted command to be sent in the &#8220;MAIL FROM&#8221; filed of a message, the NSA warned in the latest advisory. &#8220;When CVE-2019-10149 is successfully exploited, an actor is able to execute code of their choosing,&#8221; the NSA said.&nbsp;<\/p>\n<p class=\"p2\">The code downloaded from Sandworm-linked domains and executed on exploited servers adds privileged users, disables some networks security, modifies SSH configuration to allow remote access for the attackers, and executes other code to further compromise the network, the NSA advisory stated.<\/p>\n<p class=\"p2\">EXIM is a popular mail transfer agent \u2014 the servers that shuffle e-mail around the Internet \u2014 with almost 5.3 million computers running the software. At least 30% of those servers are running vulnerable EXIM versions, according to data from&nbsp;<a href=\"https:\/\/www.shodan.io\/report\/vRKzLpdS\" target=\"_blank\" rel=\"noopener noreferrer\">Internet intelligence service Shodan.io<\/a>.&nbsp;<\/p>\n<p class=\"p1\">The attackers began targeting the software in August 2019 and downloaded scripts from domains and servers known to belong to the Sandworm group, the NSA stated in its advisory. The agency&#8217;s warning is a &#8220;rare trifecta move&#8221; because the NSA is outing a particular threat actor, warning about a vulnerability, and releasing indicators of compromise, says<\/p>\n<p class=\"p1\">&#8220;It is sort of this unprecedented thing for them to publish about, which suggests that these operators have hit targets of interest inside the US or inside friendly foreign intelligence apparatus,&#8221; he says. &#8220;And that means there must be cases of some juicy targets that are using the EXIM mail server for them to be worried about.&#8221;<\/p>\n<p class=\"p2\">The attribution is useful in this case because access to e-mail servers is a critical step in a common cybercriminal operation known as business e-mail compromise (BEC), but the Russian group is not known to use such tactics. Under the lucrative scheme, fraudsters use a compromised e-mail server to intercept messages and invoices sent between a vendor and its clients. By using the access to request changes to bank account information, attackers have rerouted payments to their own accounts, resulting in BEC&nbsp;<a href=\"https:\/\/www.darkreading.com\/fbi-business-email-compromise-cost-businesses-$17b-in-2019\/d\/d-id\/1337035\" target=\"_blank\" rel=\"noopener noreferrer\">topping the list of damages due to cybercriminal operations<\/a>.<\/p>\n<p class=\"p3\"><strong>Related Content:<\/strong><\/p>\n<div><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg\" alt width=\"450\" height=\"70\"><\/div>\n<div><em><strong><strong>Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that &#8220;really&nbsp;<\/strong><strong>&nbsp;bad day&#8221; in cybersecurity. Click for<\/strong><strong>&nbsp;<a href=\"https:\/\/events.darkreading.com\/virtualsummit\/\" target=\"_blank\" rel=\"noopener noreferrer\">more information and to register<\/a>.&nbsp;<\/strong><\/strong><\/em><\/div>\n<p><span class=\"italic\">Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT&#8217;s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=1161\">View Full Bio<\/a><\/span> <\/p>\n<p><strong>Recommended Reading:<\/strong><\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p> Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/d\/d-id\/1337962?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Sandworm group &#8212; behind disinformation and election-hacking campaigns and responsible for a 2016 power outage in the Ukraine &#8212; is now targeting e-mail servers. Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/d\/d-id\/1337962?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-35315","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-06-01T17:35:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them\",\"datePublished\":\"2020-06-01T17:35:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\\\/\"},\"wordCount\":1016,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/VIRTUALSUMMIT_DR20_320x50.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\\\/\",\"name\":\"Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/VIRTUALSUMMIT_DR20_320x50.jpg\",\"datePublished\":\"2020-06-01T17:35:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\\\/#primaryimage\",\"url\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/VIRTUALSUMMIT_DR20_320x50.jpg\",\"contentUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/VIRTUALSUMMIT_DR20_320x50.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/","og_locale":"en_US","og_type":"article","og_title":"Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-06-01T17:35:00+00:00","og_image":[{"url":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them","datePublished":"2020-06-01T17:35:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/"},"wordCount":1016,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/","url":"https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/","name":"Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg","datePublished":"2020-06-01T17:35:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/#primaryimage","url":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg","contentUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/rare-nsa-advisory-about-russia-based-cyberattacks-unlikely-to-stop-them\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35315","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=35315"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35315\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=35315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=35315"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=35315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}