
Russian hackers had months-long access to Denmark’s central bank


SolarWinds hackers compromised Denmark's central bank

Russian state hackers compromised Denmark’s central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected.

The breach was part of the SolarWinds cyber espionage campaign last year that the U.S. attributed to the Russian Foreign Intelligence Service, the SVR, through its hacking division commonly referred to as APT29, The Dukes, Cozy Bear, or Nobelium.

Hackers had access for months

The compromise came to light after technology publication Version2 obtained official documents from the Danish central bank through a freedom of information request.

The SolarWinds campaign is considered to be one of the most sophisticated supply-chain attacks as trojanized versions of the IT management platform SolarWinds Orion had been downloaded by 18,000 organizations across the world.

“The Solarwinds backdoor in Danmarks Nationalbank was open for seven months, before the attack was detected by coincidence by the American IT-security company Fire Eye [sic]” – Version2

Despite the hackers’ long-term access, the bank said that it found no evidence of compromise beyond the first stage of the attack, as was the case with thousands of organizations that installed the trojanized version of SolarWinds Orion.

This indicates that Denmark’s central bank was merely a victim of the larger attack and it was not a target of interest for the hackers, as was the case with numerous U.S. federal agencies.

In an email statement to Version2, the bank admitted that it was affected by the SolarWinds supply-chain attack and that it took action immediately after learning of the compromise.

“Action was taken quickly and consistently in a satisfactory manner, and according to the analyses performed, there were no signs that the attack has had any real consequences” – Denmark Central Bank

The SolarWinds attack became known when cybersecurity company FireEye disclosed it in December 2020 after detecting the hackers’ presence on its network.

It soon became clear that the hackers focused on entities in the U.S., their goal being to gain access to cloud assets, email in particular [1, 2, 3], of specific targets, including…


Monthslong hacking campaign deemed grave threat to U.S. national security puts Microsoft in hot seat


The sprawling hacking campaign deemed a grave threat to U.S. national security came to be known as SolarWinds, for the company whose software update was seeded by Russian intelligence agents with malware to penetrate sensitive government and private networks.

Yet it was Microsoft whose code the cyber spies persistently abused in the campaign’s second stage, rifling through emails and other files of such high-value targets as then-acting Homeland Security chief Chad Wolf — and hopping undetected among victim networks.

This has put the world’s third-most valuable company in the hot seat. Because its products are a de facto monoculture in government and industry — with more than 85% market share — federal lawmakers are insisting that Microsoft swiftly upgrade security to what they say it should have provided in the first place, and without fleecing taxpayers.

Seeking to assuage concerns, Microsoft this past week offered all federal agencies a year of “advanced” security features at no extra charge. But it also seeks to deflect blame, saying it is customers who do not always make security a priority.

Risks in Microsoft’s foreign dealings also came into relief when the Biden administration imposed sanctions Thursday on a half-dozen Russian IT companies it said support Kremlin hacking. Most prominent was Positive Technologies, which was among more than 80 companies that Microsoft has supplied with early access to data on vulnerabilities detected in its products. Following the sanctions announcement, Microsoft said Positive Tech was no longer in the program and removed its name from a list of participants on its website.

The SolarWinds hackers took full advantage of what George Kurtz, CEO of top cybersecurity firm CrowdStrike, called “systematic weaknesses” in key elements of Microsoft code to mine at least nine U.S. government agencies — the departments of Justice and Treasury, among them — and more than 100 private companies and think tanks, including software and telecommunications providers.

The SolarWinds hackers’ abuse of Microsoft’s identity and access architecture — which validates users’ identities and grants them…
