At least 200 victims identified in alleged Russian hack

At least 200 organizations, including government agencies and companies around the world, have been hacked as part of an alleged Russian cyberattack that implanted malicious code in widely used software, according to a cybersecurity firm and three people familiar with the ongoing investigations.

The number of actual hacking victims has been one of many unanswered questions surrounding the cyberattack, which used a backdoor in SolarWinds Corporation’s Orion network management software as the foothold for further attacks.

Russian hackers are widely suspected of being behind the worst hacking by US government agencies.

Patrick Semansky / AP

Up to 18,000 SolarWinds customers received a malicious update that included the backdoor, but the number that was actually hacked, meaning the attackers used the backdoor to infiltrate computer networks, is likely to be much lower.

Recorded Future Inc., a Massachusetts-based cybersecurity company, has identified 198 victims who were hacked using the SolarWinds backdoor, threat analyst Allan Liska said.

READ MORE:
* The US Secretary of State says Russia is “quite clearly” behind the cyber attack
* Hacked US government networks will have to be burned ‘to the ground’
* Hack may have exposed deep US secrets; damage still unknown
* America spent billions on a system to detect hackers – the Russians outsmarted it

Three other people said the investigation so far has determined that hackers further compromised at least 200 victims, moving within computer networks or attempting to obtain user credentials, what cybersecurity experts call “hands-on keyboard” activity. The final number could increase from there.

Neither Recorded Future nor people familiar with the investigation provided the identities of the victims.

The number is expected to increase as extensive investigation continues. The hackers’ motive remains unknown, and it is unclear what they sought or stole from the computer networks they infiltrated.

Of the approximately 18,000 SolarWinds customers who received the infected update, more than 1,000 activated the malicious code, which pinged a second-stage “command and control” server operated by the hackers, giving them the option to access more of the network, according to publicly available data and the three people.

Secretary of State Mike Pompeo says Russia is 'clearly' behind the cyber attack on the US.

John Bazemore / AP

Hackers use command and control servers to manage malicious code once it is inside a target network. Of those more than 1,000, researchers have so far determined that at least 200 were hacked.

The next step would be for the hackers themselves to infiltrate the computer network.

A SolarWinds spokesperson said the company “remains focused on collaborating with customers and experts to share information and work to better understand this issue.”

“These are still the early days of the investigation,” the spokesperson said.

Hackers affiliated with the Russian government have been suspected from the start, and Secretary of State Michael Pompeo provided confirmation in an interview on Friday.

“There was a significant effort to use a piece of third-party software to essentially embed code within US government systems, and now it appears that they are systems of private companies and companies and governments around the world,” Pompeo said in a radio interview. “This was a very significant effort, and I think it is true that we can now say quite clearly that it was the Russians who participated in this activity.”

On Saturday, President Donald Trump downplayed the hack on Twitter and suggested that China, not Russia, might be responsible, while the acting chairman of the Senate Intelligence Committee, Marco Rubio, said it was “increasingly clear that Russian intelligence carried out the most serious cyber intrusion in our history.”

US President Donald Trump has come under fire for his response to the hack.

AP Photo / Patrick Semansky

A major US cybersecurity agency issued an alert Thursday saying the hackers posed a “grave risk” to federal, state and local governments, as well as critical infrastructure and the private sector. The US Cybersecurity and Infrastructure Security Agency, or CISA, said the attackers were patient, well-resourced, and “demonstrated sophistication and complex tradecraft.”

CISA also said it had found evidence of other possible backdoors in addition to the SolarWinds Orion platform, suggesting that there could be entirely separate sets of potential victims that have yet to be identified.

Microsoft Corp. said Thursday that 40 of its customers had been hacked, that the attacks were ongoing and that the number of victims is expected to rise.

Those affected included unnamed cybersecurity companies, government agencies and government contractors, of which roughly 80% are in the United States.

Cybersecurity company FireEye Inc. was the first victim to reveal that it had been hacked, on December 8, and said that while investigating its own breach, the company’s investigators discovered the SolarWinds backdoor.

Microsoft itself said it found the malicious SolarWinds update within its network, but found no evidence of access to production services or customer data.