
Russian hackers haven’t eased up on their U.S. spying efforts, report finds

By The Associated Press
KX News
 3 days ago


WASHINGTON (AP) — The elite Russian state hackers behind last year’s massive SolarWinds cyberespionage campaign hardly eased up this year, managing plenty of infiltrations of U.S. and allied government agencies and foreign policy think tanks with consummate craft and stealth, a leading cybersecurity firm reported Monday.

On the anniversary of the public disclosure of the SolarWinds intrusions, Mandiant said the hackers associated with Russia’s SVR foreign intelligence agency continued to steal data “relevant to Russian interests” with great effect using novel, stealthy techniques that it detailed in a mostly technical report aimed at helping security professionals stay alert.

It was Mandiant, not the U.S. government, that disclosed SolarWinds.

While the number of government agencies and companies hacked by the SVR was smaller this year than last, when some 100 organizations were breached, assessing the damage is difficult, said Charles Carmakal, Mandiant’s chief technical officer. Overall, the impact is quite serious. “The companies that are getting hacked, they are also losing information.”

“Not everybody is disclosing the incident(s) because they don’t always have to disclose it legally,” he said, complicating damage-assessment.

The Russian cyber spying unfolded, as always, mostly in the shadows as the U.S. government was consumed in 2021 by a separate, eminently “noisy” and headline-grabbing cyber threat — ransomware attacks launched not by nation-state hackers but rather criminal gangs. As it happens, those gangs are largely protected by the Kremlin.

The Mandiant findings follow an October report from Microsoft that the hackers, whose umbrella group it calls Nobelium, continue to infiltrate the government agencies, foreign policy think tanks and other organizations focused on Russian affairs through the cloud service companies and so-called managed services providers on which they increasingly rely. Mandiant tips its hat to Microsoft’s threat researchers in the report.

Mandiant researchers said the Russian hackers “continue to innovate and identify new techniques and tradecraft” that let them linger in victim networks, hinder detection and confuse attempts to attribute hacks to them. In short, Russia’s most elite state-backed hackers are as crafty and adaptable as ever.

Mandiant did not identify individual victims or describe what specific information may have been stolen but did say unspecified “diplomatic entities” that received malicious phishing emails were among the targets.

Often, the researchers say, the hackers’ path of least resistance to their targets was cloud-computing services. From there, they used stolen credentials to infiltrate networks. The report describes how in one case they gained access to one victim’s Microsoft 365 system through a stolen session. And, the report says, the hackers routinely relied on advanced tradecraft to cover their tracks.

One clever technique discussed in the report illustrates the ongoing cat-and-mouse game that digital espionage entails. Hackers set up intrusion beachheads using IP addresses, the numeric designations that identify a location on the internet, that were physically located near the account they were trying to breach — in the same address block, say, as the person’s local internet provider. That makes it highly difficult for security software to detect a hacker using stolen credentials posing as someone trying to access their work account remotely.

The SolarWinds hack exploited vulnerabilities in the software supply-chain system and went undetected for most of 2020 despite compromises at a broad swath of federal agencies — including the Justice Department — and dozens of companies, primarily telecommunications and information technology providers and including Mandiant and Microsoft.

The hacking campaign is named SolarWinds after the U.S. software company whose product was exploited in the first-stage infection of that effort. The Biden administration imposed sanctions last April in response to the hack, including against six Russian companies that support the country’s cyber efforts.

Copyright 2021 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
