Russian hackers behind SolarWinds hack are trying to infiltrate US and European government networks
The Russian group has breached multiple technology firms in previously unreported activity, said Charles Carmakal, senior vice president and CTO at cybersecurity firm Mandiant. The hackers have also used new tools and techniques in some of their operations this year, Carmakal said.
âThe group has compromised multiple government entities, organizations that focus on political and foreign policy matters, and technology providers that provide direct or indirect access to the ultimate target organizations within North America and Europe,â Carmakal told CNN. He declined to identify the technology providers.
Itâs unclear what data, if any, the hackers accessed. But the activity is a reminder of the challenge facing the Biden administration as it tries to blunt efforts by Americaâs top digital adversaries to access sensitive government data.
A US official familiar with the matter told CNN that federal agencies are tracking the latest actions of the Russian hackers.
âThe issue has come up in recent National Security Council meetings,â said the official, who spoke on the condition of anonymity.
The Russian group is best known for using tampered software made by federal contractor SolarWinds to breach at least nine US agencies in activity that came to light in December 2020. The attackers were undetected for months in the unclassified email networks of the departments of Justice, Homeland Security and others, and it was FireEye, Mandiantâs former parent firm, not a government agency, that discovered the hacking campaign.
The Biden administration in April attributed the spying campaign to Russiaâs foreign intelligence service, the SVR, and criticized Moscow for exposing thousands of SolarWinds customers to malicious code. Moscow has denied involvement.
Homeland Security Secretary Alejandro Mayorkas in March said that US cybersecurity defenses must be quicker in detecting future espionage efforts. âOur government got hacked last year and we didnât know about it for months,â Mayorkas said in a speech, referring to the SolarWinds incident.
To that end, DHSâ Cybersecurity and Infrastructure Security Agency (CISA) has pledged to spend some of the $650 million it received from the American Rescue Plan earlier this year on new security tools to detect threats. The Biden administration has also instituted mandatory security standards for US government contractors. Deputy Attorney General Lisa Monaco said Wednesday that the Justice Department would use its âcivil enforcement tools to pursue companies â" those who are government contractors or receive federal funds â" when they fail to follow required cybersecurity standards.â
Cat and mouse gameFor US agencies, it could be a cat and mouse game attempting to detect the Russian operatives. They are professionals â" the likes of which are employed by top US and Chinese spy agencies â" with a mission to collect intelligence on government targets, analysts say. That means they develop new hacking tools when other ones are exposed.
Starting in April, if not earlier, the Russian group was using a new piece of malicious software to âremotely exfiltrate sensitive informationâ from targeted organizationsâ computer servers, Microsoft said in a September 27 blog post.Microsoft declined to comment on where the targeted organizations are located or what sectors they are in. But other security specialists say theyâve been responding to digital intrusions associated with the broad group of hackers that Washington blamed for the SolarWinds breaches.
âTheyâre constantly active,â Adam Meyers, senior vice president of intelligence at security firm CrowdStrike, said of the Russian group. âI think the public reporting represents ⦠when we catch them and when we see what theyâre up to.â
CrowdStrike last month found malicious code in a customer network that Meyers said was likely deployed by Cozy Bear, a Russian group that overlaps with the one tracked by Microsoft. Meyers declined to elaborate on the incident.
The National Security Agency, FBI, CISA, and the Office of the Director of National Intelligence declined to comment for this story.
Gen. Paul Nakasone, who heads the NSA and US Cyber Command, on Tuesday said that US agencies worked well with Mandiant to cut short the Russian espionage campaign exploiting SolarWinds.
âThe SolarWinds incident, I think, was really a turning point for our nation,â Nakasone said at the Mandiant Cyber Defense Summit in Washington. âWe were able to expose a significant intrusion by a foreign adversary that was trying to do our nation harm.â
Checkout latest world news below links :World News || Latest News || U.S. News
Source link
0 Response to "Russian hackers behind SolarWinds hack are trying to infiltrate US and European government networks"
Post a Comment