Russia

The US government warned that Russian cyber espionage group SVR is exploiting five known vulnerabilities in enterprise infrastructure products. The U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have published a joint advisory that warns that Russia-linked APT group SVR  (aka APT29, Cozy Bear, and The Dukes). […]

The post Russia-linked APT SVR actively targets these 5 flaws appeared first on Security Affairs.

Read More Russia-linked APT SVR actively targets these 5 flaws

The U.S. and UK attributed with “high confidence” the recently disclosed supply chain attack on SolarWinds to Russia’s Foreign Intelligence Service (SVR). The U.S. and U.K. attributed with “high confidence” the supply chain attack on SolarWinds to operatives working for Russia’s Foreign Intelligence Service (SVR) (ska APT29, Cozy Bear, and The Dukes). The UK, US […]

The post US Gov sanctions Russia and expels 10 diplomats over SolarWinds hack appeared first on Security Affairs.

Read More US Gov sanctions Russia and expels 10 diplomats over SolarWinds hack

The Swedish Sports Confederation organization was compromised in 2017-18 by hackers working for Russian military intelligence, officials said. The Swedish Sports Confederation is the umbrella organisation of the Swedish sports movement, it was hacked by Russian military intelligence in a campaign conducted between December 2017 and May 2018, officials said. In the same period, Russia-linked […]

The post Sweden blames Russia for Swedish Sports Confederation hack appeared first on Security Affairs.

Read More Sweden blames Russia for Swedish Sports Confederation hack

Several members of the German Parliament (Bundestag) and other members of the state parliament were hit by a targeted attack allegedly launched by Russia-linked hackers. German newspaper Der Spiegel revealed that email accounts of multiple members of the German Parliament (Bundestag) were targeted with a spearphishing attack. The messages were sent by threat actors to […]

The post German Parliament Bundestag targeted again by Russia-linked hackers appeared first on Security Affairs.

Read More German Parliament Bundestag targeted again by Russia-linked hackers

Experts at the NetBlocks Internet Observatory observed this week a temporary disruption of internet service in Russia due to new restrictions. On Wednesday 10 March 2021, researchers from Network data from the NetBlocks Internet Observatory observed the disruption of internet service provided by the Russian operator Rostelecom. The partial disruption of the service coincided with […]

The post Internet disruption in Russia coincided with the introduction of restrictions appeared first on Security Affairs.

Read More Internet disruption in Russia coincided with the introduction of restrictions

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including US government agencies such as the Homeland Security Department and State Department, American nuclear research labs, government contractors, IT companies and nongovernmental agencies around the world.

It was a huge attack, with major implications for US national security. The Senate Intelligence Committee is scheduled to …

Read More National Security Risks of Late-Stage Capitalism

Ukraine ‘s government accused unnamed Russian traffic networks as the source of massive attacks on Ukrainian security and defense websites. Today Ukraine accused unnamed Russian internet networks of massive attacks that targeted Ukrainian security and defense websites. The Ukrainian officials did not provide details about the attacks either the damage they have caused. “It was […]

The post Ukraine sites suffered massive attacks launched from Russian networks appeared first on Security Affairs.

Read More Ukraine sites suffered massive attacks launched from Russian networks

The US is going to respond to the SolarWinds supply chain attack within weeks, national security adviser Jake Sullivan told CNN. The US will respond within weeks to the devastating SolarWinds supply cyber attack, national security adviser Jake Sullivan told CNN. “We are in the process now of working through, with the intelligence community and [President […]

The post The US Government is going to respond to the SolarWinds hack very soon appeared first on Security Affairs.

Read More The US Government is going to respond to the SolarWinds hack very soon

At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks:

Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised.

[…]

Reuters was not able to establish how many organizations were compromised by the suspected Chinese operation. The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies…

Read More Another SolarWinds Orion Hack

Microsoft analyzed details of the SolarWinds attack:

Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot, was deployed in September 2019, at the time hackers breached SolarWinds’ internal network. Other related malware includes Teardrop aka Raindrop.

Details are in the Microsoft blog:

We have published our in-depth analysis of the Solorigate backdoor malware (also referred to as SUNBURST by FireEye), the compromised DLL that was deployed on networks as part of SolarWinds products, that allowed attackers to gain backdoor access to affected devices. We have also detailed the …

Read More More SolarWinds News