
Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say



Almost a third of the victims did not run the SolarWinds Corp. software initially considered the main attack route for the hackers, according to investigators and the government agency who looked into the incident. The revelation sparks concerns that the episode exploited vulnerabilities in enterprise software used by millions every day.


Hackers linked to the attack have broken into these systems by exploiting known bugs in software products, guessing passwords online, and taking advantage of a variety of issues in the way Microsoft Corp.’s cloud-based software has been configured, according to the researchers.

About 30% of both private and government victims linked to the campaign had no direct affiliation with SolarWinds, Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, said in an interview.

The attackers “gained access to their targets in various ways. This adversary has been creative,” said Mr. Wales, whose agency, part of the United States Department of Homeland Security, is coordinating the government’s response. “It is absolutely correct that this campaign should not be viewed as the SolarWinds campaign.”

Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, at a Senate subcommittee hearing in December. Photo: Rod Lamkey, CNP / Zuma Press

Company investigators have come to the same conclusion. Last week, computer security company Malwarebytes Inc. said that some of its Microsoft cloud email accounts were compromised by the same attackers that hit SolarWinds, using what Malwarebytes called “another intrusion vector.” The hackers broke into a Malwarebytes Microsoft Office 365 account and took advantage of a loophole in the software’s configuration to access a greater number of email accounts, Malwarebytes said. The company said it does not use SolarWinds software.

The incident showed how advanced attackers could jump from one cloud…


Russian hack of US agencies exposed supply chain weaknesses – CBS17.com


WASHINGTON (AP) — The elite Russian hackers who gained access to computer systems of federal agencies last year didn’t bother trying to break one by one into the networks of each department.

Instead, they got inside by sneaking malicious code into a software update pushed out to thousands of government agencies and private companies.

It wasn’t surprising that hackers were able to exploit vulnerabilities in what’s known as the supply chain to launch a massive intelligence gathering operation. U.S. officials and cybersecurity experts have sounded the alarm for years about a problem that has caused havoc, including billions of dollars in financial losses, but has defied easy solutions from the government and private sector.

“We’re going to have to wrap our arms around the supply-chain threat and find the solution, not only for us here in America as the leading economy in the world, but for the planet,” William Evanina, who resigned last week as the U.S. government’s chief counterintelligence official, said in an interview. “We’re going to have to find a way to make sure that we in the future can have a zero-risk posture, and trust our suppliers.”

In general terms, a supply chain refers to the network of people and companies involved in the development of a particular product, not dissimilar to a home construction project that relies on a contractor and a web of subcontractors. The sheer number of steps in that process, from design to manufacture to distribution, and the different entities involved give a hacker looking to infiltrate businesses, agencies and infrastructure numerous points of entry.

This can mean no single company or executive bears sole responsibility for protecting an entire industry supply chain. And even if most vendors in the chain are secure, a single point of vulnerability can be all that foreign government hackers need. In practical terms, homeowners who construct a fortress-like mansion can nonetheless find themselves victimized by an alarm system that was compromised before it was installed.

The most recent case targeting federal agencies involved Russian government hackers who are believed to have sneaked malicious code…


Suspected Russian Hackers Targeted Cyber Firm Malwarebytes


(Bloomberg) — Suspected Russian hackers targeted the cybersecurity company Malwarebytes Inc. in the course of a sprawling cyber-attack that breached U.S. government agencies and companies.

Photo (© Bloomberg): A person uses a laptop computer with illuminated English and Russian Cyrillic character keys in this arranged photograph in Moscow, Russia, on Thursday, March 14, 2019. Russian internet trolls appear to be shifting strategy in their efforts to disrupt the 2020 U.S. elections, promoting politically divisive messages through phony social media accounts instead of creating propaganda themselves, cybersecurity experts say.

The attacker abused “applications with privileged access to Microsoft Office 365 and Azure environments,” according to a Tuesday blog post by Chief Executive Officer Marcin Kleczynski. He said the attack was part of the same hacking campaign that has utilized infected software from SolarWinds Corp. to target other organizations.


“After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments,” Kleczynski wrote.

U.S. intelligence agencies and the FBI have said the recent hacking campaign — which was found and disclosed by the cybersecurity firm FireEye Inc. in December — was likely undertaken by Russia. In many instances, attackers broke into systems through a compromised version of widely used software from Texas-based SolarWinds Corp.

However, analysts have said that SolarWinds’s software wasn’t the only method the suspected Russian hackers used to breach networks. On Tuesday, the firm Symantec discovered a new form of malware used in the attack that wasn’t delivered through SolarWinds, suggesting the hack could be broader than previously understood. The firm CrowdStrike Inc. said the hackers had attempted to break into its networks by compromising a third-party vendor that resells Microsoft services. If a reseller is breached and has access to a client’s credentials, the attacker could then hack into the client’s networks.

On Dec. 15,…


SolarWinds hackers are tied to known Russian spying tools


(Reuters) — The group behind a global cyber espionage campaign discovered last month deployed malicious computer code with links to spying tools previously used by suspected Russian hackers, researchers said on Monday.

Investigators at Moscow-based cybersecurity firm Kaspersky said the “backdoor” used to compromise up to 18,000 customers of U.S. software maker SolarWinds closely resembled malware tied to a hacking group known as Turla, which Estonian authorities have said operates on behalf of Russia’s FSB security service.

The findings are the first publicly available evidence to support assertions by the United States that Russia orchestrated the hack, which compromised a raft of sensitive federal agencies and is among the most ambitious cyber operations ever disclosed.

Moscow has repeatedly denied the allegations. The FSB did not respond to a request for comment.

Costin Raiu, head of global research and analysis at Kaspersky, said there were three distinct similarities between the SolarWinds backdoor and a hacking tool called Kazuar that is used by Turla.

The similarities included the way both pieces of malware attempted to obscure their functions from security analysts, how the hackers identified their victims, and the formula used to calculate periods when the viruses lay dormant in an effort to avoid detection.

“One such finding could be dismissed,” Raiu said. “Two things definitely make me raise an eyebrow. Three is more than a coincidence.”

Confidently attributing cyberattacks is extremely difficult and strewn with possible pitfalls. When Russian hackers disrupted the Winter Olympics opening ceremony in 2018, for example, they deliberately imitated a North Korean group to try and deflect the blame.

Raiu said the digital clues uncovered by his team did not directly implicate Turla in the SolarWinds compromise but did show there was a yet-to-be-determined connection between the two hacking tools.

It’s possible they were deployed by the same group, he said, but also that Kazuar inspired the SolarWinds hackers, both tools were purchased from the same spyware developer, or even that the attackers planted “false flags” to mislead…
