Tag Archive for: blames

EU officially blames Russia for ‘Ghostwriter’ hacking activities



The European Union has officially linked Russia to a hacking operation known as Ghostwriter that targets high-profile EU officials, journalists, and the general public.

“These malicious cyber activities are targeting numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU by accessing computer systems and personal accounts and stealing data,” European Council officials said in a press release today.

“Such activities are unacceptable as they seek to threaten our integrity and security, democratic values and principles and the core functioning of our democracies.”

The EU officials added that these hacking activities are in stark contrast to normal state behavior endorsed by all UN member states.

The attacks are also seen as clear attempts to undermine the EU’s democratic institutions and processes, including but not limited to enabling disinformation and information manipulation.

Linked to Russia’s GRU military intelligence service

The Ghostwriter “malicious cyber activities” were also connected by Germany to the GRU military intelligence service earlier this month, with German Foreign Ministry spokeswoman Andrea Sasse saying that the German parliament was targeted at least three times this year.

Sasse’s statement came after German security authorities detected multiple attempts to steal personal login details of German lawmakers before the September 26 federal election, likely as part of a preparation effort for disinformation campaigns.

“The German government has reliable information on the basis of which Ghostwriter activities can be attributed to cyber actors of the Russian state and, specifically, Russia’s GRU military intelligence service,” Sasse said.

In March, Germany also said that the Ghostwriter Russian military intelligence hacking group is the main suspect behind a spearphishing attack that targeted multiple Parliament members.

They are believed to have breached the email accounts of seven members of the German federal parliament (Bundestag) and 31 members of German regional parliaments.

“The European Union and its Member States strongly denounce these malicious cyber activities, which…


Apple’s software chief blames Mac security to keep grip on iPhone App Store


Apple Inc.’s top software engineer criticized the security of his own Mac operating system in a bid to explain why the company shouldn’t be forced by a judge to loosen its hold over iPhone and iPad app distribution, as Epic Games Inc. is demanding.

Craig Federighi, Apple’s senior vice president of software engineering, testified Wednesday at a trial in federal court in Oakland, California, that his experience with imported malware on the macOS system shows how security would be eroded if the company allowed iPhone and iPad users to install software from the web or other stores, as it does on the Mac.

“Today we have a level of malware on the Mac that we don’t find acceptable,” primarily because the system allows users to install software that isn’t vetted by Apple, Federighi said. That makes it less secure than iOS and iPadOS, the operating systems that power the iPhone and iPad, he said.

Allowing apps from other stores or places on the iPhone would create a “very, very bad situation for our customers,” including “a huge decrease in their safety,” Federighi said. He also said iPhones and iPads have security protections, including the App Store review process, to keep the products free from malware.

Later in his testimony, Federighi said that despite its malware problems, the Mac is the safest choice among personal computers and is more secure than those running Microsoft Corp.’s Windows operating system.

Federighi said that the rival Android operating system, which allows third-party stores, faces similar security challenges. “It’s well understood in the security community that Android has a malware problem.” Apple’s iOS, on the other hand, has succeeded in blocking malware, he said.

Responding to a hypothetical situation in which third-party app download stores would be allowed, Federighi said that Apple’s “security stack” is built end-to-end in a way that it would be challenging to let third parties in to manage user security and privacy. He would have “grave concerns” if Apple had to hand off control over security to third parties, he said.

Earlier in the trial, Epic tried to make the point that if installing software…


Australia blames Russia for SolarWinds attack


Australia has officially attributed the SolarWinds cyber attack to Russia and has committed to helping the US in holding the nation “to account” for the incident.

Overnight US President Joe Biden signed an Executive Order declaring a national emergency to deal with the threat of Russia’s foreign interference, including “malicious cyber-enabled activities”.

In a joint statement released late Thursday, Foreign Affairs Minister Marise Payne, Defence Minister Peter Dutton and Home Affairs Minister Karen Andrews condemned Moscow for a “harmful cyber campaign” against US firm SolarWinds.

“Over the past 12 months, Australia has witnessed Russia use malicious activity to undermine international stability, security and public safety. Australia condemns such behaviour,” the Ministers said.

“Russia’s campaign has affected thousands of computer systems worldwide. Australia acknowledges the high costs borne by the US private sector.”

Marise Payne joined the Defence and Home Affairs Ministers in attributing the SolarWinds attack to Russia

SolarWinds is a major IT firm that provides software to large companies and governments. A massive cybersecurity attack on the company spread to its clients last year and is believed to have exposed sensitive information held by the US government, including data of the US military and White House.

Hackers from Russia were suspected almost immediately when the attack was first reported by Reuters in December last year. US security agencies first accused the Russian government of orchestrating the SolarWinds attack in January.

But the attack was not officially attributed to the state actor until Thursday in a joint advisory from US intelligence firms that named Russian Foreign Intelligence Service actors APT29, Cozy Bear, and The Dukes as being supported by the Kremlin.

US President Joe Biden also signed an Executive Order on Thursday condemning the Russian government’s foreign interference, including meddling in US elections and the facilitation of “malicious cyber-enabled activities against the United States and its allies and partners”.

President Biden’s order includes a host of sanctions against Russia,…


White House blames Russian spy agency SVR for SolarWinds hack


The White House said in a statement on Thursday that Russia’s foreign intelligence service, known as the SVR, was responsible for the SolarWinds hack, which led to the compromise of nine federal agencies and hundreds of private sector companies.

Senior US government officials had already said the Russian government was responsible for the sprawling cyber attack, but Thursday’s announcement offers the first formal statement pinning the operation on a specific agency.

The White House statement was paired with a series of sanctions against five Russian cyber security firms, which the Treasury Department said had been involved in supporting Russian cyber operations.

SVR has reportedly dismissed the claim as “nonsense” and “windbaggery”.

While some national security experts say the SolarWinds hacking operation could be viewed as a traditional espionage activity that is not uncommon between government hackers, the Treasury Department in its statement said the “scope and scale of this compromise combined with Russia’s history of carrying out reckless and disruptive cyber operations makes it a national security concern.”

The National Security Agency, FBI and Cybersecurity Infrastructure Security Agency also revealed on Thursday that the SVR was exploiting five known computer software vulnerabilities.

The announcement came with links to a series of related software patches by the companies who make those products, including VMware and Fortinet.

“The vulnerabilities in today’s release are part of the SVR’s toolkit to target networks across the government and private sectors. We need to make SVR’s job harder by taking them away,” Rob Joyce, NSA director of cybersecurity, said.
