WASHINGTON (AP) — Elite Russian government hackers behind last year’s big SolarWinds cyber-espionage campaign have not eased up this year, deftly and covertly managing multiple infiltrations of US and allied government agencies and foreign policy think tanks, a leading cybersecurity firm reported on Monday.
On the anniversary of the public disclosure of the SolarWinds intrusions, Mandiant said hackers linked to Russia’s SVR foreign intelligence agency continue to steal data “relevant to Russian interests” to great effect, using new, clandestine techniques it detailed in a mostly technical report aimed at helping security experts stay alert.
It was Mandiant, not the US government, that disclosed SolarWinds.
While the number of government agencies and companies attacked by the SVR is smaller this year than last year, when nearly 100 organizations were breached, the damage is difficult to assess, said Charles Carmakal, Mandiant’s chief technical officer. In general, the effect is quite serious. “Companies that are attacked also lose information.”
“Not everyone discloses the event(s) because they are not always legally required to disclose it,” he said, complicating the damage assessment.
Russian cyber espionage, as always, has unfolded mostly in the shadows as the US government in 2021 has been mostly consumed by a separate, extremely “noisy” and headline-grabbing cyber threat: ransomware attacks launched by criminal gangs rather than by nation-state hackers. As it stands, these gangs are largely protected by the Kremlin.
The Mandiant findings follow an October report from Microsoft, which said hackers, whose umbrella group it calls Nobelium, continue to infiltrate government agencies, foreign policy think tanks and other organizations focused on Russian affairs through the cloud service companies and managed service providers that those organizations increasingly trust. Mandiant tipped its hat to Microsoft threat researchers in the report.
Mandiant researchers said the Russian hackers “continue to develop and identify new techniques and trading tools” that allow them to linger in victim networks, avoid detection, and confuse attempts to attribute hacks to them. In short, Russia’s most elite state-sponsored hackers are as cunning and adaptable as ever.
Mandiant did not identify individual victims or explain what specific information may have been stolen, but said unidentified “diplomatic entities” that received malicious phishing emails were among the targets.
Cloud computing services are often the hackers’ path of least resistance to their targets, the researchers say. From there, they used stolen credentials to infiltrate networks. The report explains how, in one case, they gained access to a victim’s Microsoft 365 system via a stolen session. And according to the report, hackers routinely relied on sophisticated tradecraft to cover their tracks.
A clever technique discussed in the report illustrates the ongoing cat-and-mouse game that digital espionage entails. Hackers set up intrusion bridges using IP addresses, the numerical designations that identify one’s location on the internet, that are physically located near an account they are trying to breach, for example in the same address block as a person’s local internet provider. This makes it extremely difficult for security software to detect a hacker using stolen credentials, who appears to be someone trying to access work accounts remotely.
The SolarWinds hack exploited vulnerabilities in the software supply chain system and went undetected for most of 2020 despite compromises of a large number of federal agencies, including the Department of Justice, and dozens of companies, primarily telecommunications and information technology providers, among them Mandiant and Microsoft.
The hacking campaign is named SolarWinds after the US software company whose product was used in the initial infection of this effort. The Biden administration imposed sanctions last April in response to the attack, including on six Russian companies that support the country’s cyber efforts.