Tag Archive for: SolarWinds

Russian hackers behind SolarWinds hack trying to infiltrate US and European government networks – WRCBtv.com


The Russian group is best known for using tampered software made by federal contractor SolarWinds to breach at least nine US agencies in activity that came to light in December 2020. The attackers were undetected for months in the unclassified email networks of the departments of Justice, Homeland Security and others, and it was FireEye, Mandiant’s former parent firm, not a government agency, that discovered the hacking campaign.

Source…

The Software Company Autodesk Also Targeted by the SolarWinds Hackers


Surprising or not, it looks like the SolarWinds attacks went further than we might have thought. One of the companies targeted by the Russian attackers at the time was Autodesk, which only recently confirmed that it was affected by the attack.

Nine months have passed since Autodesk allegedly discovered and neutralized the attack on one of its servers that was the recipient of the backdoor malware.

Autodesk is an American company that is focused on developing software and providing services to millions of customers from the design, engineering, and construction sectors with CAD (computer-aided design), drafting, and 3D modeling tools.

We identified a compromised SolarWinds server and promptly took steps to contain and remediate the incidents.

While we believe that no customer operations or Autodesk products were disrupted as a result of this attack, other, similar attacks could have a significant negative impact on our systems and operations.

Source

Approached by BleepingComputer reporters, an Autodesk employee who preferred to remain anonymous pointed out that the attackers failed to deploy any malware on Autodesk servers other than the Sunburst Backdoor; this most likely happened because the server was never selected for a subsequent exploitation stage, or because the attackers simply did not act fast enough before being detected by Autodesk.

Autodesk identified a compromised SolarWinds server on December 13. Soon after, the server was isolated, logs were collected for forensic analysis, and the software patch was applied.

Autodesk’s Security team has concluded their investigation and observed no malicious activity beyond the initial software installation.

Source

Many Other Companies Were Breached

As has previously been reported, the supply-chain attack that happened before the attack on SolarWinds was also coordinated by a dedicated hacking unit of the Russian Foreign Intelligence Service, which goes by several labels, from APT29 to The Dukes or Cozy Bear.

The source code of the Orion Software Platform was trojanized, affecting builds that were released between March and June 2020.

The…

Source…

A zero-day iOS attack puts SolarWinds hackers at risk for a fully updated iPhone


Source…

SolarWinds hackers nailed federal prosecutors’ offices, Department of Justice says


Hackers hit the offices of top US federal prosecutors nationwide last December, breaking in to email accounts, the Department of Justice said Friday. As part of the SolarWinds hack, attackers accessed accounts at nearly 30 US Attorneys’ offices, including offices in Washington, DC; New York and California, the DOJ said.





© Provided by CNET
Hackers had access to email accounts for more than six months, the DOJ says. Samuel Corum/Getty Images

The department had revealed in January that its Microsoft O365 email environment had been breached, but it hadn’t provided the information about the US Attorneys.

“The Department of Justice understands that when victims make information public about the nature and scope of computer intrusions they suffered, others can use that information to prepare themselves for the next threat,” the DOJ said in a statement Friday. “To encourage transparency and strengthen homeland resilience, today we are providing additional details about the SolarWinds intrusion in December 2020.”







The DOJ said at least one employee’s account had been accessed at 27 offices from the West Coast to the East. It said at least 80% of employees at the US Attorneys’ offices in the Eastern, Northern, Southern, and Western Districts of New York had seen their accounts breached, with other districts “impacted to a lesser degree.”


The hackers are thought to have had access to breached accounts from about May 7 to Dec. 27 of last year, the DOJ said, adding that exposed data included sent, received and stored emails as well as attachments. The agency said in January that it had plugged the breach.

“The Department’s objective continues to be mitigating the operational, security, and privacy risks caused by the incident,” the DOJ said in its Friday statement.

The SolarWinds hack, which US intelligence agencies say likely originated in Russia, hit customers of IT software provider SolarWinds, including a number of private businesses and federal agencies. Victims included high-level officials at the Department of Homeland Security, showing that not even the government agency in charge of defending the US from foreign…

Source…