Tag Archive for: russian

Suspected Russian Hackers Targeted Cyber Firm Malwarebytes


(Bloomberg) — Suspected Russian hackers targeted the cybersecurity company Malwarebytes Inc. in the course of a sprawling cyber-attack that breached U.S. government agencies and companies.

© Bloomberg
A person uses a laptop computer with illuminated English and Russian Cyrillic character keys in this arranged photograph in Moscow, Russia, on Thursday, March 14, 2019. Russian internet trolls appear to be shifting strategy in their efforts to disrupt the 2020 U.S. elections, promoting politically divisive messages through phony social media accounts instead of creating propaganda themselves, cybersecurity experts say.

The attacker abused “applications with privileged access to Microsoft Office 365 and Azure environments,” according to a Tuesday blog post by Chief Executive Officer Marcin Kleczynski. He said the attack was part of the same hacking campaign that has utilized infected software from SolarWinds Corp. to target other organizations.


“After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments,” Kleczynski wrote.

U.S. intelligence agencies and the FBI have said the recent hacking campaign — which was found and disclosed by the cybersecurity firm FireEye Inc. in December — was likely undertaken by Russia. In many instances, attackers broke into systems through a compromised version of widely used software from Texas-based SolarWinds Corp.

However, analysts have said that SolarWinds’s software wasn’t the only method the suspected Russian hackers used to breach networks. On Tuesday, the firm Symantec discovered a new form of malware used in the attack that wasn’t delivered through SolarWinds, suggesting the hack could be broader than previously understood. The firm CrowdStrike Inc. said the hackers had attempted to break into its networks by compromising a third-party vendor that resells Microsoft services. If a reseller is breached and has access to a client’s credentials, the attacker could then hack into the client’s networks.

On Dec. 15,…

Source…

SolarWinds hackers are tied to known Russian spying tools


(Reuters) — The group behind a global cyber espionage campaign discovered last month deployed malicious computer code with links to spying tools previously used by suspected Russian hackers, researchers said on Monday.

Investigators at Moscow-based cybersecurity firm Kaspersky said the “backdoor” used to compromise up to 18,000 customers of U.S. software maker SolarWinds closely resembled malware tied to a hacking group known as Turla, which Estonian authorities have said operates on behalf of Russia’s FSB security service.

The findings are the first publicly available evidence to support assertions by the United States that Russia orchestrated the hack, which compromised a raft of sensitive federal agencies and is among the most ambitious cyber operations ever disclosed.

Moscow has repeatedly denied the allegations. The FSB did not respond to a request for comment.

Costin Raiu, head of global research and analysis at Kaspersky, said there were three distinct similarities between the SolarWinds backdoor and a hacking tool called Kazuar that is used by Turla.

The similarities included the way both pieces of malware attempted to obscure their functions from security analysts, how the hackers identified their victims, and the formula used to calculate periods when the viruses lay dormant in an effort to avoid detection.

“One such finding could be dismissed,” Raiu said. “Two things definitely make me raise an eyebrow. Three is more than a coincidence.”

Confidently attributing cyberattacks is extremely difficult and strewn with possible pitfalls. When Russian hackers disrupted the Winter Olympics opening ceremony in 2018, for example, they deliberately imitated a North Korean group to try to deflect the blame.

Raiu said the digital clues uncovered by his team did not directly implicate Turla in the SolarWinds compromise but did show there was a yet-to-be-determined connection between the two hacking tools.

It’s possible they were deployed by the same group, he said, but also that Kazuar inspired the SolarWinds hackers, both tools were purchased from the same spyware developer, or even that the attackers planted “false flags” to mislead…

Source…

Russian Hacker Gets 12 Years in Prison for Massive JP Morgan Chase Hack

A U.S. court on Thursday sentenced a 37-year-old Russian to 12 years in prison for perpetrating an international hacking campaign that resulted in the heist of a trove of personal information from several financial institutions, brokerage firms, financial news publishers, and other American companies.

Andrei Tyurin was charged with computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses, and for his role in one of the largest thefts of U.S. customer data from a single financial institution in history, which involved the personal information of more than 80 million J.P. Morgan Chase customers.

Besides the investment bank, some of the other major targets of the hacks were E*Trade, Scottrade, and the Wall Street Journal.

Tyurin, who carried out the extensive hacking from his home in Moscow between 2012 and mid-2015, is believed to have netted over $19 million in criminal proceeds as part of his intrusion schemes.

In one such instance of securities fraud, Tyurin collaborated with his partner Gery Shalon to artificially inflate the price of certain stocks publicly traded in the U.S. by marketing said stocks in a deceptive and misleading manner to customers of the victim companies whose contact information was stolen during the intrusions.

Photo credit: REUTERS/Amir Cohen

To carry out the attacks, Tyurin is alleged to have used remotely controlled computer infrastructure located across five continents, and is said to have maintained persistent access to the victims’ networks over long periods of time in order to periodically download and refresh the stolen data from the companies.

“And once his hacking activities were detected, TYURIN worked with Shalon to destroy the evidence of their criminal activity and undermine U.S. law enforcement’s efforts to identify and arrest them,” the U.S. Southern District of New York said in a statement.

The development comes after Tyurin pleaded guilty in September 2019 to carrying out the wire and bank fraud, computer intrusions, and illegal online gambling. Tyurin has been in U.S. custody since he was extradited from the country of Georgia in September 2018.

Source...


U.S. District Court requires sensitive documents to be filed by paper in response to possible Russian hack


The suspected Russian hack of Microsoft’s internal systems through the SolarWinds supply chain has prompted the U.S. District Court for the Southern District of Ohio to issue an order bolstering its security procedures.

© File photo
A judge’s gavel

U.S. District Judge Algenon Marbley, the presiding judge, signed an order Friday requiring that certain highly sensitive documents be submitted outside the court’s normal PACER electronic filing system for their protection.       


Until further notice, sensitive documents must be filed by paper or as an electronic copy on a secure electronic device with the clerk’s office, where they will be kept in a secure paper filing or on a standalone computer system.

According to the court’s release, this order was prompted by the recent widespread breaches of government and private sector computer systems using Microsoft operating software. Microsoft said hackers got to view some of its source code repositories but could not alter or make changes to the compromised accounts.

The federal court considers applications for a search warrant, electronic surveillance and pen register or trap and trace devices highly sensitive. 

Based on the circumstances, some filings — like Social Security records, administrative immigration records and sealed filings in civil matters — may be designated highly sensitive by the court. 

Such documents must be submitted to the clerk’s office either as two paper copies or by filing the documents on a USB flash drive, along with the certificate of service. If applicable, a copy of the court order designating the document as highly sensitive should also be submitted.

The U.S. District Court for the Southern District of Ohio has courthouses in Columbus, Cincinnati and Dayton, and encompasses forty-eight urban and rural counties in the southern half of Ohio. 

Questions about how a highly sensitive document should be filed with the court should be directed to the clerk’s office at 614-719-3000 in Columbus, 513-564-7500 in Cincinnati or 937-512-1400 in Dayton. 

Source…