Tag Archive for: russian

Russian hackers target US networks in ‘ongoing’ cyberattack


Russian-linked hackers blamed for the massive cyberattack on the US last year have been targeting hundreds of companies and organizations in their latest wave of attacks on US-based computer networks — as the White House dismisses the incident as “unsophisticated, run-of-the-mill operations.”

In a blog post Sunday, Microsoft said Nobelium — the Russian-based agency behind last year’s widespread SolarWinds attack — has been targeting cloud service providers and technology service organizations in a bid to obtain data.

The attacks have targeted organizations in the US and Europe since May, Microsoft said.

One of Microsoft’s top security officers, Tom Burt, told the New York Times, which first reported the breach, that the latest attack was “very large and ongoing.”

“Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain. This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers,” Microsoft said in its blog post.

“We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.” 

Microsoft said it had notified 609 customers between July 1 and Oct. 19 that they had been attacked.

The company insisted only a small percentage of the latest attempts were successful.

“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling — now or in the future — targets of interest to the Russian…


Russian hackers behind SolarWinds hack trying to infiltrate US and European government networks



The Russian hackers behind a successful 2020 breach of US federal agencies have in recent months tried to infiltrate US and European government networks, cybersecurity analysts tracking the group told …


Russian hackers behind SolarWinds hack trying to infiltrate US and European government networks – WRCBtv.com


The Russian group is best known for using tampered software made by federal contractor SolarWinds to breach at least nine US agencies in activity that came to light in December 2020. The attackers were undetected for months in the unclassified email networks of the departments of Justice, Homeland Security and others, and it was FireEye, Mandiant’s former parent firm, not a government agency, that discovered the hacking campaign.


APT focus: ‘Noisy’ Russian hacking crews are among the world’s most sophisticated


Unpacking the Matryoshka dolls behind Kremlin-backed cybercrime campaigns

State-sponsored Russian cyber espionage groups are among the most sophisticated of the nation-state threat actors, with an added flair for deception that makes them the canniest of adversaries.

Experts quizzed by The Daily Swig said that Russian cyber-threat actors are among the best in the world, on a par with the top groups operating out of China, and with similar capabilities to western intelligence agencies – especially those with close links to the Federal Security Service (FSB) or military.

What are the techniques and tactics of Russian threat actors?

Russian state-sponsored actors typically have more sophisticated tactics, techniques, and procedures (TTPs) alongside custom malware development capabilities and tighter operational security when compared to other groups.

Xueyin Peh, senior cyber threat intelligence analyst at Digital Shadows, told The Daily Swig: “Russia-linked APT groups are arguably some of the most technically advanced state-sponsored threat groups.

“They have used techniques that enable them to remain undetected for long periods of time, such as in the supply chain attack leveraging SolarWinds’ Orion Platform (which likely began as early as Spring 2020 but was only made known publicly in December 2020).

“This large-scale intrusion and the multiple techniques used to obfuscate their activity are testament to the technical prowess of these groups. In comparison, very few other state-associated APT groups – probably only those linked to the People’s Republic of China – have conducted supply chain attacks of similar scale,” Peh added.

The recent SolarWinds campaign that drew so much attention to the threat of Russian cyber espionage was actually atypical for Russian actors in its use of a technology supply chain access vector, according to some threat intel experts.

Paul Prudhomme, head of threat intelligence advisory at IntSights, explained: “Russian cyber espionage groups have not historically used such attack vectors on any…
