
A newly released joint cybersecurity advisory from agencies across 10+ nations paints a sobering picture: Russian GRU hackers (unit 26165, a.k.a. Fancy Bear) are executing a persistent cyber espionage campaign targeting logistics and tech companies aiding Ukraine. Their tools range from brute-force password sprays to sophisticated phishing lures and malware, all aimed at one objective: breaking identity trust to gain access.
While many headlines will focus on the geopolitical tension, there’s a crucial lesson for every enterprise IT and security team: identity security is the front line. The attackers aren't breaching networks with brute strength—they’re slipping in by abusing weak authentication, misconfigured mailbox permissions, and outdated identity protocols like NTLM.
Here’s where identity security—and public key infrastructure (PKI) in particular—plays a starring role.
These attacks exploited vulnerable VPNs, legacy authentication methods, and unpatched systems. In contrast, strong, phishing-resistant credentials—like smart cards or certificate-based authentication (CBA)—remain virtually impervious to password guessing and token replay attacks.
But it's not just about a “stronger login.” PKI-based authentication brings:
- Cryptographic assurance of identity (unlike guessable credentials),
- Seamless integration with on-prem systems like Microsoft AD and Exchange, and with Remote Desktop Protocol (RDP),
- Resilience against brute-force and multi-factor authentication (MFA) fatigue attacks, and
- Compliance alignment for Zero Trust and identity-centric frameworks.
As the advisory notes, it’s time to phase out NTLM and shift toward certificate-backed identity—especially for organizations still relying on on-premises infrastructure. Certificate lifecycle management, though complex, becomes manageable with platforms like Axiad Conductor, which automates issuance, renewal, and policy enforcement across hybrid environments.
TL;DR:
The adversaries are evolving. Your identity strategy needs to evolve faster. PKI authentication isn’t just a best practice—it’s a strategic defense.
Read the full advisory here.