Monday, October 3, 2022

Report says Russian hackers have not weakened espionage efforts

WASHINGTON (AP) – The elite Russian government hackers behind last year’s massive cyber-espionage campaign SolarWinds have hardly weakened this year, managing multiple infiltrations into U.S. and allied government agencies and foreign policy think tanks with unrivaled skill and stealth, reported a leading cybersecurity firm.

Also on Monday, Microsoft announced that it thwarted the cyber espionage of a state-backed Chinese hacker group by hijacking websites it used to gather intelligence from foreign ministries, think tanks, and human rights organizations in the United States and 28 other countries, mostly in Latin. America and Europe.

Microsoft said last Thursday a Virginia federal court granted its request to seize 42 web domains that a Chinese hacker group, which it calls Nickel, but also known as APT15 and Vixen Panda, has used to access targets that are usually geopolitical. China. The blog says that “a key piece of infrastructure the group relied on” in the latest wave of infiltrations has been removed. The seized domains include elperuanos.org, pandemicacre.com, and cleanskycloud.com.

The double announcements, while unrelated, highlight the relentless drumbeat of digital espionage from its main geopolitical rivals, the United States, whose cyber-invasion skills are only matched by those of the United States.

A year after the SolarWinds intrusion was discovered, Mandiant said that hackers linked to the Russian Foreign Intelligence Service (SVR) continued to steal data “relevant to Russian interests” with great success, using new stealth techniques that are detailed in the main technical report directed to ensure safety. professionals are vigilant. SolarWinds was disclosed by Mandiant, not the US government.

Despite the fact that the number of government agencies and companies hacked by SVR was less this year than last year, when about 100 organizations were hacked, it is difficult to assess the damage, according to Charles Karmakal, CTO at Mandiant. In general, the impact is quite serious. “Companies that get hacked also lose information.”

“Not everyone discloses incidents because they are not always required to legally disclose them,” he said, complicating the damage assessment.

Russian cyber espionage, as always, developed largely in the shadows, as in 2021 the US government was swallowed up by a separate, highly “noisy” and loud cyber threat – ransomware attacks, initiated not by hackers of the nation state, but rather by criminal groups … As it turns out, these gangs are largely protected by the Kremlin.

Mandiant’s findings follow Microsoft’s October report that hackers, whose umbrella group he calls Nobelium, continue to infiltrate government offices, foreign policy think tanks and other organizations dealing with Russian affairs through cloud service companies and so-called managed service providers. on which they increasingly rely. Mandiant researchers said Russian hackers “continue to innovate and uncover new trading methods and techniques,” allowing them to remain on victims’ networks, hinder detection and confuse attempts to attribute hacks to them.

Mandiant did not identify individual victims or describe what specific information might have been stolen, but said the targets included unspecified “diplomatic agencies” that received malicious phishing emails.

Cloud computing services were often the least resistant to hackers, the researchers say. From there, they used the stolen credentials to infiltrate the networks. The report describes how in one case they gained access to one victim’s Microsoft 365 system via a stolen session token. And, as the report says, hackers generally relied on best practices to cover their tracks.

One clever trick discussed in the report illustrates the ongoing cat-and-mouse game that digital espionage entails. Hackers establish footholds for intrusions using IP addresses, a numeric designation that identifies their location on the Internet, which were physically located next to the account they are trying to hack – in the same block of addresses, for example, as a local ISP … This makes it very difficult for security software to detect a hacker using stolen credentials posing as someone trying to remotely access their work account.

Microsoft had no illusion that the website hijacking it announced on Monday would scare off the Chinese hackers it has been tracking since 2016. The company said that the destruction was associated with the infrastructure, which it has been tracking since 2019, most of which is operated on-premises, as opposed to the cloud – Exchange Server and SharePoint systems. To date, Microsoft said it has used legal deletion tactics in 24 lawsuits, resulting in the destruction of a total of 600 sites used by national government entities and 10,000 by cybercriminals.

The SolarWinds hack exploited vulnerabilities in the software supply chain and went unnoticed for much of 2020, despite compromises across a wide range of federal agencies, including the Department of Justice, and dozens of companies, most notably telecommunications and information technology providers, including Mandiant and Microsoft. … …

The hacker campaign was named SolarWinds in honor of the American software company whose product was used during the first stage of the infection. The Biden administration imposed sanctions last April in response to the hack, including against six Russian companies supporting the country’s cyber efforts.

Nation World News Desk
Nation World News Deskhttps://nationworldnews.com
Nation World News is the fastest emerging news website covering all the latest news, world’s top stories, science news entertainment sports cricket’s latest discoveries, new technology gadgets, politics news, and more.
Latest news
Related news
- Advertisement -