The United States government is formally accusing the Russian government of the SolarWinds supply-chain attack that provided hackers with access into as many as 18,000 government entities and Fortune 500 companies as to at least nine federal agencies and m…
Read More Russian SVR Behind the SolarWinds Hack, According to U.S. Government
The US government warned that Russian cyber espionage group SVR is exploiting five known vulnerabilities in enterprise infrastructure products. The U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have published a joint advisory that warns that Russia-linked APT group SVR (aka APT29, Cozy Bear, and The Dukes). […]
The post Russia-linked APT SVR actively targets these 5 flaws appeared first on Security Affairs.
Read More Russia-linked APT SVR actively targets these 5 flaws
The U.S. and UK attributed with “high confidence” the recently disclosed supply chain attack on SolarWinds to Russia’s Foreign Intelligence Service (SVR). The U.S. and U.K. attributed with “high confidence” the supply chain attack on SolarWinds to operatives working for Russia’s Foreign Intelligence Service (SVR) (aka APT29, Cozy Bear, and The Dukes). The UK, US […]
The post US Gov sanctions Russia and expels 10 diplomats over SolarWinds hack appeared first on Security Affairs.
Read More US Gov sanctions Russia and expels 10 diplomats over SolarWinds hack
The Swedish Sports Confederation organization was compromised in 2017-18 by hackers working for Russian military intelligence, officials said. The Swedish Sports Confederation is the umbrella organisation of the Swedish sports movement, it was hacked by Russian military intelligence in a campaign conducted between December 2017 and May 2018, officials said. In the same period, Russia-linked […]
The post Sweden blames Russia for Swedish Sports Confederation hack appeared first on Security Affairs.
Read More Sweden blames Russia for Swedish Sports Confederation hack
Several members of the German Parliament (Bundestag) and other members of the state parliament were hit by a targeted attack allegedly launched by Russia-linked hackers. German newspaper Der Spiegel revealed that email accounts of multiple members of the German Parliament (Bundestag) were targeted with a spearphishing attack. The messages were sent by threat actors to […]
The post German Parliament Bundestag targeted again by Russia-linked hackers appeared first on Security Affairs.
Read More German Parliament Bundestag targeted again by Russia-linked hackers
Experts at the NetBlocks Internet Observatory observed this week a temporary disruption of internet service in Russia due to new restrictions. On Wednesday 10 March 2021, researchers from Network data from the NetBlocks Internet Observatory observed the disruption of internet service provided by the Russian operator Rostelecom. The partial disruption of the service coincided with […]
The post Internet disruption in Russia coincided with the introduction of restrictions appeared first on Security Affairs.
Read More Internet disruption in Russia coincided with the introduction of restrictions
A Russian cybercrime forum appears to have suffered a data breach, spilling details of users.
Which is a terribly unfortunate thing to happen…
Read More Russian cybercriminal forum hacked, user details exposed
Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including US government agencies such as the Homeland Security Department and State Department, American nuclear research labs, government contractors, IT companies and nongovernmental agencies around the world.
It was a huge attack, with major implications for US national security. The Senate Intelligence Committee is scheduled to …
Read More National Security Risks of Late-Stage Capitalism
Ukraine’s government accused unnamed Russian traffic networks as the source of massive attacks on Ukrainian security and defense websites. Today Ukraine accused unnamed Russian internet networks of massive attacks that targeted Ukrainian security and defense websites. The Ukrainian officials did not provide details about the attacks or the damage they have caused. “It was […]
The post Ukraine sites suffered massive attacks launched from Russian networks appeared first on Security Affairs.
Read More Ukraine sites suffered massive attacks launched from Russian networks
The US is going to respond to the SolarWinds supply chain attack within weeks, national security adviser Jake Sullivan told CNN. The US will respond within weeks to the devastating SolarWinds supply cyber attack, national security adviser Jake Sullivan told CNN. “We are in the process now of working through, with the intelligence community and [President […]
The post The US Government is going to respond to the SolarWinds hack very soon appeared first on Security Affairs.
Read More The US Government is going to respond to the SolarWinds hack very soon
At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks:
Read More Another SolarWinds Orion Hack
Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised.
Reuters was not able to establish how many organizations were compromised by the suspected Chinese operation. The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies…
Microsoft analyzed details of the SolarWinds attack:
Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot, was deployed in September 2019, at the time hackers breached SolarWinds’ internal network. Other related malware includes Teardrop aka Raindrop.
Details are in the Microsoft blog:
Read More More SolarWinds News
We have published our in-depth analysis of the Solorigate backdoor malware (also referred to as SUNBURST by FireEye), the compromised DLL that was deployed on networks as part of SolarWinds products, that allowed attackers to gain backdoor access to affected devices. We have also detailed the …
Kaspersky investigators uncover evidence that may support US claims Moscow was behind attack
A Moscow-based cybersecurity company has reported that some of the malicious code employed against the US government in a cyber-attack last month overlaps with …
Read More Global cyber-espionage campaign linked to Russian spying tools
Analysis: trade in stolen data is a boon for investigators and a headache for Kremlin
In early 2019, the journalist Andrei Zakharov managed to buy his own phone and banking records in a groundbreaking investigation into Russia’s thriving markets in stol…
Read More Outing of FSB hit squad highlights Russia’s data security problem
Russian cybercrime gang is believed to be responsible for taking Garmin services offline
A ransomware attack that took the GPS and smartwatch business Garmin entirely offline for more than three days is believed to have been carried out by a Russian cyb…
Read More Ransomware attack on Garmin thought to be the work of ‘Evil Corp’