The Daily Beast
Kremlin Hacker Team A is back, and that’s bad news for the rest of us.
The feds say the Treasury and Commerce departments have been breached by hackers who took advantage of a backdoor installed in a popular network monitoring application. The United States points to Moscow as the possible culprit for the raids. But the suspects are not the loud, aggressive military hackers and trolls we have come to know in the years since they meddled in the 2016 election. Instead, US officials have told reporters that a stealthier and more sophisticated outfit, the Kremlin's Hacking Team A, is to blame, which could indicate a return to the kind of high-profile thefts the group became famous for in 2015. These officials say hackers from Russia's Foreign Intelligence Service, known as "Cozy Bear" or APT 29, are now the prime suspects for the compromise of SolarWinds' Orion software, which has governments and corporations around the world looking for signs of intrusion into their networks. "It sounds like a very well-executed and careful operation, but at the moment it's too early to say what the scale of the engagement is," said Matt Tait, a former information security specialist at the British signals intelligence agency GCHQ.
"Hopefully, as antivirus vendors, and Microsoft in particular, start looking for signs of intrusion at scale, we will have a much better picture of how severe and extensive the operation really was." Hackers from Russia's Foreign Intelligence Service, or SVR, are known for less visible operations that focus on clandestine intelligence gathering, in contrast to the military hackers who have spent the last few years. While Russian GRU hackers have been shutting down electrical systems in Ukraine, locking up Ukrainian networks with the NotPetya ransomware attack and trolling Hillary Clinton with emails stolen from the Democratic National Committee and her campaign chairman, the APT 29 operators were so hard to notice that some even speculated they might have scaled back operations after the public learned that Dutch intelligence had managed to infiltrate their network in 2015. Cozy Bear, however, had been active the entire time, collecting against foreign diplomatic facilities with stealthier and more sophisticated tradecraft. SVR hackers breached the Democratic National Committee alongside the GRU during the 2016 election, but in a 2019 filing in its lawsuit against the Russian government, the DNC claimed that SVR hackers had attempted to repeat the performance during the 2018 midterm elections. Shortly before the election, Democratic officials wrote in an amended complaint, "consistent with a spear-phishing campaign that leading cybersecurity experts have linked to Cozy Bear." More recently, the US, UK, and Canada issued a joint warning that Cozy Bear operators had targeted major pharmaceutical companies in all three countries "with the intention of stealing information and intellectual property related to COVID-19 vaccine development and testing."
Experts who have had the opportunity to analyze the breach of SolarWinds' software have written that the operation displays an impressive degree of stealth and cunning. How the hackers managed it is not yet clear, but they embedded a malicious update file within SolarWinds' Orion network monitoring program. When the update is installed on a customer's network, the malicious file remains silent for two weeks. After its dormant period, the malware contacts a command-and-control server for instructions on what to do next, according to a technical assessment written by cybersecurity company FireEye, which was itself attacked through the same backdoor and lost some data. Once activated, the malware exhibits "significant operational security" and blends in with normal network activity, making it difficult for security software to detect while it spies on its host network, according to FireEye. This type of breach, known as a supply chain attack, is particularly difficult for cybersecurity officials to address because it undermines the implicit trust customers place in products and updates from known vendors being safe to use. The software is widely used in government and the private sector, and company officials say that up to 18,000 of SolarWinds' 300,000 customers may have downloaded corrupted versions of the software, according to a filing with the SEC. The company told the regulator that, while its software had been compromised since at least March 2020, it believes the attack was "intended to be a narrow, extremely targeted and manually executed attack" against a more selective group of targets.
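A defender-side hunting check for the behaviour described above (an update lands, the host stays quiet for roughly two weeks, then starts talking to a domain it never contacted before), written as an added example for this page rather than code from FireEye or SolarWinds. The product name, the domains and the 12-day threshold are assumptions, and the telemetry is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample host telemetry (not real data), one tab-separated event per
# line: timestamp, host, event type, detail. Host srv-02 shows the pattern from
# the article: an update is installed, ~2 weeks of nothing unusual, then a first
# contact with a domain the host had never resolved before.
SAMPLE_LOG = """\
2020-03-01T09:00:00\tsrv-01\tupdate_installed\tmonitoring-agent 2020.2
2020-03-01T09:05:00\tsrv-01\tdns_query\tupdates.vendor.example
2020-03-01T09:10:00\tsrv-02\tupdate_installed\tmonitoring-agent 2020.2
2020-03-01T09:12:00\tsrv-02\tdns_query\tupdates.vendor.example
2020-03-08T10:00:00\tsrv-02\tdns_query\tupdates.vendor.example
2020-03-16T03:14:00\tsrv-02\tdns_query\ttelemetry-cdn.example
2020-03-16T03:15:00\tsrv-02\tdns_query\ttelemetry-cdn.example
2020-03-17T11:00:00\tsrv-01\tdns_query\tupdates.vendor.example
"""


def parse(log):
    """Parse the tab-separated log into (timestamp, host, kind, detail) tuples,
    sorted by time so the state machine below sees events in order."""
    events = []
    for line in log.splitlines():
        ts, host, kind, detail = line.split("\t")
        events.append((datetime.fromisoformat(ts), host, kind, detail))
    return sorted(events)


def find_delayed_first_contacts(log, dormancy_days=12):
    """Flag (host, domain, days_after_update) for each domain a host resolved for
    the first time at least `dormancy_days` after its latest update install.
    Domains already seen before the update, or first seen soon after it (normal
    post-update traffic), are treated as baseline and not reported."""
    dormancy = timedelta(days=dormancy_days)   # assumed lower bound on the sleep
    last_update = {}   # host -> time of most recent update_installed event
    known = {}         # host -> every domain the host has resolved so far
    findings = []
    for ts, host, kind, detail in parse(log):
        seen = known.setdefault(host, set())
        if kind == "update_installed":
            last_update[host] = ts
        elif kind == "dns_query" and detail not in seen:
            seen.add(detail)
            update_ts = last_update.get(host)
            if update_ts is not None and ts - update_ts >= dormancy:
                findings.append((host, detail, (ts - update_ts).days))
    return findings


if __name__ == "__main__":
    for host, domain, days in find_delayed_first_contacts(SAMPLE_LOG):
        print(f"{host}: first contact with {domain} {days} days after update")
```

The 12-day threshold is deliberately a little under the two weeks the article reports, so that a slightly early beacon is still caught; in practice the events would come from DNS or proxy logs and from the vendor's real update records.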
FireEye wrote that it had observed the malicious software running on computers in "North America, Europe, Asia, and the Middle East." FireEye was the first known victim of the SolarWinds vulnerability, and in a statement released last week, CEO Kevin Mandia said company officials had observed the hackers taking advantage of their access to steal the software tools FireEye uses to simulate foreign hackers and test the security of customers' networks. The GRU's brazen operations have captured much of the West's attention in recent years. The involvement of SVR hackers in such a sophisticated theft against federal agencies and one of the most capable cybersecurity companies in the world, if proven, is an unwelcome reminder that the scope of Russia's cyber threats remains wider and harder to find.