Tag Archive for: SolarWinds

Russian hackers behind SolarWinds renew cyberattacks


The state-backed group of Russian hackers behind a massive cyberattack on security firm SolarWinds, revealed last year, has re-emerged with a series of attacks on government agencies, think tanks, consultants, and other organizations, according to officials and researchers. A security update from Microsoft late last week said the group known as Nobelium has stepped up attacks, notably targeting government agencies involved in foreign policy as part of intelligence gathering efforts.

The US government’s Cybersecurity and Infrastructure Security Agency posted a link to the Microsoft update and urged computer network administrators to “apply the necessary mitigations.” Microsoft said it detected a “sophisticated” and large-scale campaign that sent phishing emails delivering malicious software, enabling the hackers to get protected data from victims.

“This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations,” Microsoft vice president Tom Burt said in a blog post. The news comes a month after Washington imposed sanctions and expelled Russian diplomats in response to Moscow’s connection with the Russian hackers involved in the massive attacks last year on SolarWinds, a security software firm, as well as for election interference and other hostile activity.

“When coupled with the attack on SolarWinds, it’s clear that part of Nobelium’s playbook is to gain access to trusted technology providers and infect their customers,” wrote Burt. “By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem.”

In the new attacks, the hackers were able to gain access to email servers operated by the firm Constant Contact, allowing them to spoof the US Agency for International Development and send out mass emails with disinformation, according to the update. In one example, emails appearing to be from USAID showed a “special alert” stating that “Donald Trump has published new documents on election fraud.”

Users who…


SolarWinds hackers, linked to Russia, target USAID email accounts



Microsoft Catches NOBELIUM’s Email Malware Plans, Also Known for its Part in SolarWinds’ Attack


Microsoft caught NOBELIUM before the group could distribute wide-scale email malware URLs intended for the US technological landscape, preventing another “SolarWinds” attack from happening. NOBELIUM is a known group that was linked with the recent hack of SolarWinds and is considered a massive threat by the security industry.


As most people say, “Crisis averted,” and that was thanks to Microsoft’s diligent monitoring of and research into the threat actors known as “NOBELIUM,” which have been observed lately. The group had been acting stealthily since January this year, carefully planning its attack and striking once everything was in place.

Initially, the SolarWinds malware attack last December was attributed to the Russians, who have denied any connection to or involvement in it. The good thing is that organizations like Microsoft were able to connect the dots and have discovered new names in the tech industry that are responsible for said malware.


Microsoft Catches NOBELIUM in the Act


While SolarWinds has yet to fully recover from the attack, which was projected to take up to 18 months at the most, its threat actors are back to enact their reign of terror on others. According to Microsoft’s latest report, the Microsoft Threat Intelligence Center (MSTIC) has detected a new, sophisticated approach to hacking into systems.

Microsoft said that the group has been making its way into systems since early January 2021. Its recent attack leveraged Constant Contact, a mass-mailing service, to distribute the said email malware URLs.

The notorious NOBELIUM has been identified, which is good news for the tech industry, as it has evaded a big one, especially given the way that the threat actors work. A lot of cases have been attributed to them, with NOBELIUM’s hacking portfolio having a significant list of…


Russian spy chief rebuffs “pathetic” SolarWinds hack accusations


The head of the Russian Foreign Intelligence Service (SVR) has denied any involvement in last year’s SolarWinds cyber attack which saw hackers infiltrate the networks of hundreds of companies as well as nine US governmental agencies.

SVR director Sergei Naryshkin told the BBC that he is “flattered” by the accusations from US and UK authorities that claim Moscow had orchestrated such a sophisticated hack, yet added that he could not “claim the creative achievements of others as his own”.

“These claims are like a bad detective novel,” he told the BBC’s Moscow correspondent Steve Rosenberg, who asked Naryshkin about the SVR’s links to the hacking group known as APT29, Cozy Bear, or the Dukes, which has been accused of carrying out the cyber attack.

Naryshkin described “all these claims about cyber attacks, poisonings, hacks, interference in elections which are blamed on Russia” as “absurd, and in some cases so pathetic”. 

Instead, he suggested that the SolarWinds hack might have been orchestrated by the West, which could have used similar tactics to those exposed by former National Security Agency contractor Edward Snowden. He leaked documents detailing the US and UK intelligence services’ efforts to “insert secret vulnerabilities into commercial encryption software” with the help of ISP providers and tech companies.

“I don’t want to assert that this cyber attack was carried out by a US agency but the tactics are similar,” said Naryshkin, who also questioned the evidence obtained by the US and UK intelligence agencies that linked the attack to Moscow.

President Donald Trump previously stated that the SolarWinds hack might have been orchestrated by the Chinese state and accused media outlets of being “petrified of discussing the possibility that it may be China”. However, the FBI, CISA, ODNI, and the NSA claimed that the Advanced Persistent Threat (APT) actor behind the incident is “likely Russian in origin”.

The statement prompted Russia’s National Coordination Center for Computer Incidents (NKTSKI) to issue a warning to Russian businesses, claiming that the new Biden administration could carry out reprisal attacks on critical infrastructure. 

Last…
