SolarWinds hackers are tied to known Russian spying tools

(Reuters) — The group behind a global cyber espionage campaign discovered last month deployed malicious computer code with links to spying tools previously used by suspected Russian hackers, researchers said on Monday.

Investigators at Moscow-based cybersecurity firm Kaspersky said the “backdoor” used to compromise up to 18,000 customers of U.S. software maker SolarWinds closely resembled malware tied to a hacking group known as Turla, which Estonian authorities have said operates on behalf of Russia’s FSB security service.

The findings are the first publicly available evidence to support assertions by the United States that Russia orchestrated the hack, which compromised a raft of sensitive federal agencies and is among the most ambitious cyber operations ever disclosed.

Moscow has repeatedly denied the allegations. The FSB did not respond to a request for comment.

Costin Raiu, head of global research and analysis at Kaspersky, said there were three distinct similarities between the SolarWinds backdoor and a hacking tool called Kazuar that is used by Turla.

The similarities included the way both pieces of malware attempted to obscure their functions from security analysts, how the hackers identified their victims, and the formula used to calculate periods when the viruses lay dormant in an effort to avoid detection.

“One such finding could be dismissed,” Raiu said. “Two things definitely make me raise an eyebrow. Three is more than a coincidence.”

Confidently attributing cyberattacks is extremely difficult and strewn with possible pitfalls. When Russian hackers disrupted the Winter Olympics opening ceremony in 2018, for example, they deliberately imitated a North Korean group to try to deflect the blame.

Raiu said the digital clues uncovered by his team did not directly implicate Turla in the SolarWinds compromise but did show there was a yet-to-be-determined connection between the two hacking tools.

It’s possible they were deployed by the same group, he said, but also that Kazuar inspired the SolarWinds hackers, both tools were purchased from the same spyware developer, or even that the attackers planted “false flags” to mislead…


Russian Hacker Gets 12 Years in Prison for Massive JP Morgan Chase Hack

A U.S. court on Thursday sentenced a 37-year-old Russian to 12 years in prison for perpetrating an international hacking campaign that resulted in the heist of a trove of personal information from several financial institutions, brokerage firms, financial news publishers, and other American companies.

Andrei Tyurin was charged with computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses, and for his role in one of the largest thefts of U.S. customer data from a single financial institution in history, which involved the personal information of more than 80 million J.P. Morgan Chase customers.

Besides the investment bank, some of the other major targets of the hacks were E*Trade, Scottrade, and the Wall Street Journal.

Tyurin, who carried out the extensive hacking from his home in Moscow between 2012 and mid-2015, is believed to have netted over $19 million in criminal proceeds as part of his intrusion schemes.

In one such instance of securities fraud, Tyurin collaborated with his partner Gery Shalon to artificially inflate the price of certain stocks publicly traded in the U.S. by marketing those stocks in a deceptive and misleading manner to customers of the victim companies whose contact information was stolen during the intrusions.

Photo Credit: REUTERS/Amir Cohen

To carry out the attacks, Tyurin is alleged to have used remotely controlled computer infrastructure located across five continents, and is said to have maintained persistent access to the victims’ networks over long periods of time in order to download and periodically refresh the stolen data.

“And once his hacking activities were detected, TYURIN worked with Shalon to destroy the evidence of their criminal activity and undermine U.S. law enforcement’s efforts to identify and arrest them,” the U.S. Southern District of New York said in a statement.

The development comes after Tyurin pleaded guilty in September 2019 to carrying out the wire and bank fraud, computer intrusions, and illegal online gambling. Tyurin has been in U.S. custody since he was extradited from the country of Georgia in September 2018.


U.S. District Court requires sensitive documents to be filed by paper in response to possible Russian hack

The suspected Russian hack of Microsoft’s internal systems through the SolarWinds supply chain has prompted the U.S. District Court for the Southern District of Ohio to issue an order bolstering its security procedures.


U.S. District Judge Algenon Marbley, the presiding judge, signed an order Friday requiring that certain highly sensitive documents be submitted outside the court’s normal PACER electronic filing system for their protection.

Until further notice, sensitive documents must be filed by paper or as an electronic copy on a secure electronic device with the clerk’s office, where they will be kept in a secure paper filing or standalone computer system.

According to the court’s release, this order was prompted by the recent widespread breaches of government and private sector computer systems using Microsoft operating software. Microsoft said hackers got to view some of its source code repositories but could not alter or make changes to the compromised accounts.

The federal court considers applications for a search warrant, electronic surveillance and pen register or trap and trace devices highly sensitive.

Based on the circumstances, some filings — like Social Security records, administrative immigration records and sealed filings in civil matters — may be designated highly sensitive by the court.

Such documents must be submitted to the clerk’s office as either two paper copies or by filing the documents on a USB flash drive, along with the certificate and service. If applicable, a copy of the court order designating the document as highly sensitive should also be submitted.

The U.S. District Court for the Southern District of Ohio has courthouses in Columbus, Cincinnati and Dayton, and encompasses forty-eight urban and rural counties in the southern half of Ohio.

Questions about how a highly sensitive document should be filed with the court should be directed to the clerk’s office at 614-719-3000 in Columbus, 513-564-7500 in Cincinnati or 937-512-1400 in Dayton.


Meet The Super Rich Czech Tech Company — And Its Russian CEO — Denying Links To The Huge SolarWinds Hack

Maxim Shafirov is looking grizzled, grumbling through a stubbled muzzle about having just two hours sleep, hunched over his computer as the snow falls behind him in a window that looks out to a wintry St. Petersburg. The Russian native’s grouchiness is understandable.

Shafirov is the CEO of Czech company JetBrains, which was likely one of the biggest tech companies you’d never heard of, until Wednesday when reports cited government sources saying it was being investigated for links to huge cyberattacks on U.S. government agencies and tech giants, via the hack of another low-profile IT provider, SolarWinds, and scores of its clients, including federal agencies. For millions of coders, the Prague-based business’ tools are invaluable, providing all manner of software to make their app building that much easier. Founded in 2000, it claims over 8 million paying users in over 213 countries. Company revenue for 2019, according to the most recently-available results for the privately-held business, stood at $270 million, with year-on-year growth of 33%. Shafirov, in an upbeat moment in an interview with Forbes, says that despite the Covid-19 pandemic, its revenue growth this last year was 10%, indicating near $300 million for 2020. The business was a so-called “unicorn” worth more than $1 billion, according to a JetBrains spokesperson.

Few outside the tech world would’ve paid the company much attention until reports in the New York Times, Reuters and the Wall Street Journal indicated that those investigating what’s become one of the most severe acts of cyber espionage in recent memory were looking at the possibility JetBrains was involved. The reports hint that JetBrains, or one of its apps, TeamCity, was hacked, leading to an infiltration at SolarWinds, which, in turn, had one of its own tools compromised and used to hijack customer networks. Amongst the victims is the Department of Justice, which yesterday revealed 3% of its Office 365 emails had been compromised. It joined the Department of Energy, the Treasury, Microsoft,…