FBI Confirms DarkSide as Colonial Pipeline Hacker


President Biden said on Monday that the United States would “disrupt and prosecute” a criminal gang of hackers called DarkSide, which the F.B.I. formally blamed for a huge ransomware attack that has disrupted the flow of nearly half of the gasoline and jet fuel supplies to the East Coast.

The F.B.I., clearly concerned that the ransomware effort could spread, issued an emergency alert to electric utilities, gas suppliers and other pipeline operators to be on the lookout for code like the kind that locked up Colonial Pipeline, a private firm that controls the major pipeline carrying gasoline, diesel and jet fuel from the Texas Gulf Coast to New York Harbor.

The pipeline remained offline for a fourth day on Monday as a pre-emptive measure to keep the malware that infected the company’s computer networks from spreading to the control systems that run the pipeline. So far, the effects on gasoline and other energy supplies seem minimal, and Colonial said it hoped to have the pipeline running again by the end of this week.

The attack prompted emergency meetings at the White House all through the weekend, as officials tried to understand whether the episode was purely a criminal act — intended to lock up Colonial’s computer networks unless it paid a large ransom — or was the work of Russia or another state that was using the criminal group covertly.

So far, intelligence officials said, all of the indications are that it was simply an act of extortion by the group, which first began to deploy such ransomware last August and is believed to operate from Eastern Europe, possibly Russia. There was some evidence, even in the group’s own statements on Monday, that suggested the group had intended simply to extort money from the company, and was surprised that it ended up cutting off the main gasoline and jet fuel supplies for the Eastern Seaboard.

The attack exposed the remarkable vulnerability of a key conduit for energy in the United States as hackers become more brazen in taking on critical infrastructure, like electric grids, pipelines, hospitals and water treatment facilities. The city governments of Atlanta and New Orleans, and, in recent weeks, the Washington, D.C., Police…


US Justice Department Confirms It Was Victim of SolarWinds Hack | Voice of America


The U.S. Department of Justice confirmed on Wednesday that it had been the victim of a massive hacking operation linked to Russian intelligence.  

In a statement, Justice Department spokesman Marc Raimondi said about 3% of the agency’s email accounts appeared to have been compromised, although no classified information was accessed. 

“After learning of the malicious activity, the Office of Chief Information Officer eliminated the identified method by which the actor was accessing the … email environment,” Raimondi said. 

Raimondi said the department learned about the previously unknown hack on its networks on Christmas Eve and determined that it constituted a “major” security incident. 

The disclosure came a day after U.S. intelligence agencies said that the hack was part of an ongoing intelligence operation and likely being carried out by Russia.  

FILE – This Feb. 11, 2015, photo shows FireEye offices in Milpitas, Calif.

The hack came to light in early December when private cybersecurity firm FireEye disclosed that its networks had been compromised. Investigators have traced the breach to SolarWinds, a Texas-based network management software company that the hackers used to penetrate the computer networks. 

In a statement Tuesday, the FBI, the Cybersecurity & Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) said that of the approximately 18,000 SolarWinds customers impacted by the hack, “a much smaller number has been compromised by follow-on activity on their systems.”  

FILE – The SolarWinds logo is seen outside its headquarters in Austin, Texas, Dec. 18, 2020.

“We have so far identified fewer than 10 U.S. government agencies that fall into this category and are working to identify the nongovernment entities who also may be impacted,” the agencies said. 

Officials had previously confirmed that the departments of Defense, Treasury, State, Homeland Security, Commerce and Energy were impacted. Among targeted businesses were Microsoft and Amazon.  

U.S. President…


Samsung S21 Ultra spec leak confirms additional camera hardware

Today, we have another Galaxy S21 leak, which seems to confirm some of the specs that have been floating around, published by WinFuture. Information about and images of Samsung’s upcoming Galaxy S21-series phones have been landing almost daily in the run-up to Samsung’s January event. With this newest leak, we now have a better idea of what to expect — especially in the camera department. In short, the hardware appears to be a big part of Samsung’s plan to take on the highly capable iPhone 12 Pro Max.

The S21 Ultra will reportedly offer 3x and 10x telephoto cameras (72mm and 240mm equivalent focal lengths, respectively), both with optical image stabilization. That’s one additional rear-facing camera compared to the S20 Ultra’s three rear sensors.


The S21’s 10x lens will use a folded optic design like that of the S20’s telephoto camera. We expect that Samsung will once again offer hybrid zoom that reaches much farther than that 10x optical range.

Some other subtle camera updates look to be on the way, too. The main 108-megapixel camera gets a slightly wider 24mm (versus 26mm) equivalent lens. It will also get laser-assisted autofocus: something that the S20 Ultra didn’t offer but the Note 20 Ultra later introduced. And WinFuture says that despite the main camera sensor’s on-paper similarities to the last generation, this is a new sensor that should offer better image quality than the last.

Samsung will need every advantage to compete with the iPhone 12 Pro Max, which we think is the best smartphone camera on the market today. Historically, Samsung has taken more of a hardware-heavy approach to mobile imaging, increasingly using its own house-made sensors rather than grabbing Sony’s off the shelf, and being early to adopt dual- and triple-lens cameras on its devices.

Part of the reason Samsung has leaned so hard into advanced hardware is that its computational photography hasn’t kept up with either Apple or Google. Only recently has it come up to par with features like Night Mode. But now it’s another year, and there’s more work to be done to catch up…


Industrial Computer Maker Confirms Ransomware, Data …

Advantech reports the stolen data was confidential but did not contain high-value documents.

Industrial computer manufacturer Advantech has confirmed a ransomware attack that led to the theft of confidential, though low-value, corporate documents, BleepingComputer reports. 

Advantech, a global leader of embedded and automation platforms for Internet of Things (IoT) system integrators, manufactures embedded PCs, industrial IoT (IIoT) devices, network devices, servers, intelligent systems, and intelligent healthcare tools among its many offerings.

The Conti ransomware group was reportedly behind this attack and demanded a $12.6 million ransom to both decrypt target systems and stop publishing the data they stole. They also claimed they would remove backdoors installed on Advantech’s network if the ransom was paid. Attackers began to leak stolen data on their ransomware data leak website on Nov. 26. 

Advantech reports the affected server has been recovered and all key operating systems are functioning as normal.
