Evidence Emerging About Cyber Attacks On US Government

Hackers believed to be working for the Russian government have been reading internal email traffic at the US Treasury and Commerce Departments. Analysts at Kaspersky have now found evidence suggesting that Russia was behind the damaging, widespread cyber attacks on the US referred to as 'Sunburst', and the continuing investigation will likely reveal that many more intrusions have been going on. The Moscow-based cyber security company has reported that some of the malicious code used in the recent cyber attacks on the US government is very similar to code previously used by Russian hackers.

This suggests that Russian state-sponsored hackers were behind the biggest cyber espionage attack against the US government in years, which affected up to 18,000 customers of software produced by SolarWinds, including US government agencies and some overseas organisations. However, Kaspersky has cautioned that code similarities do not by themselves confirm that the same group is behind two attacks, as other groups can mimic or reuse similar code.

According to Kaspersky's findings, the code that Sunburst used to communicate with a server controlled by the hackers resembled another hacking tool called Kazuar, previously associated with the Russian Turla hacking group, which is known for attacks on EU government institutions.

US intelligence agencies recently released a joint statement accusing Moscow of launching the attack, which they said was "ongoing" more than a month after it was made public. Moscow has denied responsibility. Sunburst allowed the hackers to receive reports from infected computers and then select those of interest for follow-on attacks, stealing information and sensitive data from them. Of the 18,000 infected machines, only a few were targeted in this way.

Kaspersky analysts found that the functions that kept the malware dormant appeared to have links to Kazuar, which was first reported by Palo Alto Networks' Unit 42 research team in 2017.

The Kaspersky investigators said there could be other explanations for the coding overlap besides Turla being behind the SolarWinds attack. It is possible that the attackers were "inspired" by the Kazuar code; that both groups obtained their malware from the same source; that a former member of Turla brought the code to a new team; or that the code was used as a "false flag", deployed in the attack specifically to attract blame to Turla and implicate Moscow.

FireEye has also uncovered a widespread campaign. The actors behind it gained access to numerous public and private organisations around the world by delivering trojanised updates of SolarWinds' Orion IT monitoring software to their targets. The campaign may have begun as early as Spring 2020 and is the work of a highly skilled actor, with the operation conducted with significant operational security.

Sources: Reuters, SecureList, FireEye, Unit 42, The Guardian

