Evidence Emerging About Cyber Attacks On US Government

Uploaded on 2021-01-20 in TECHNOLOGY--Hackers, INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

Hackers believed to be working for the Russian government have been reading internal email traffic at the US Treasury and Commerce Departments. Analysts at Kaspersky have now found evidence that suggests that Russia was behind the damaging widespread cyber attacks on the US referred to as 'Sunburst' and this investigation will likely reveal that many more hacks have been going on. The Moscow-based cyber security company has reported that some of the malicious code used recently in cyber-attacks on the US government is very similar code previously used by Russian hackers.

This clearly suggests that Russian state-sponsored hackers were behind the biggest cyber espionge attack against the government in years, affecting 18,000 users of software produced by SolarWinds, including US government agencies and some overseas locations. However, Kaspersky has cautioned that the code similarities do not always confirm that the same group is behind similar attacks as other groups can mimic and use similar coding.

According to some findings, Sunburst was used to communicate with a server controlled by the hackers  and that this resembled another hacking tool called Kazuar previously associated with the Russian Turla hacking group, known for attacks on EU government institutions. 

US intelligence agencies recently released a joint statement accusing Moscow of launching the attack, which they said was “ongoing” more than a month after being made public. Moscow has denied responsibility. Sunburst methods allowed the hackers to receive reports on infected computers and then they could attack those computers and take information and secure data from them.  Of  the 18,000 infected machines only, a few was highly targeted.

Kaspersky analysts found that functions that kept the malware dormant appeared to have links to Kazuar, which was reported by Palo Alto's Unit42 research team in 2017. 

The Kaspersky investigators said there could be other explanations for the coding overlap besides Turla being behind the SolarWinds attack. It is possible the attackers were “inspired” by the Kazuar code; that both groups obtained their malware from the same source; that a former member of Turla brought the code to a new team; or that the code was used as a “false flag”, deployed in the attack specifically to attract blame against Turla and implicate Moscow.

FireEye has also uncovered a widespread campaign. The actors behind this campaign gained access to numerous public and private organisations around the world. They could focus on targets via trojanised updates to SolarWinds’s Orion IT software. This campaign may have begun as early as Spring 2020 and is the work of a highly skilled actor with the operation conducted with significant operational security.

Reuters:        SecureList:    FireEye:      Unit42:        Guardian

You Might Also Read:

Spies In Cyberspace:

 

« British Police Launch CyberAlarm
The Most Important Technologies For 2021 »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

JumpCloud

JumpCloud

JumpCloud's Directory-as-a-Service (DaaS) is the single point of authority to authenticate, authorize, and manage the identities of a business’s employees and the systems and IT resources they need.

Security Magazine

Security Magazine

Security, the business magazine for security executives, focuses on management issues facing top security professionals and effective solutions being employed, both physical and cyber.

Delphix

Delphix

Delphix is the industry leader for DevOps test data management.

Cato Networks

Cato Networks

Cato connects your branch locations, physical and cloud datacenters, and mobile users into a secure and optimized global network in the cloud.

Certes

Certes

Certes is a pioneer in delivering cutting-edge security technology solutions, with a specific focus on Data Protection Risk Mitigation (DPRM).

Cyversity

Cyversity

Cyversity's mission (formerly ICMCP) is the consistent representation of women and underrepresented minorities in the cybersecurity industry.

Ledger

Ledger

Ledger is a leader in security and infrastructure solutions for cryptocurrencies and blockchain applications using its proprietary technology.

ZeroNorth

ZeroNorth

ZeroNorth provides a new approach to improve software and infrastructure security, simplify continuous compliance reporting and to create more cost-effective risk management programs.

Envelop Risk

Envelop Risk

Envelop Risk is a global specialty cyber insurance firm, combining decades of insurance industry expertise with sophisticated cyber and artificial intelligence-based analytics.

Casque SNR

Casque SNR

CASQUE SNR is the next generation of Identity Assurance that has potential to supersede existing solutions. It provides Identity Assurance for both people and things.

ADGS

ADGS

ADGS is a deeptech company focused in the fields of Agent-Based simulations (Emergent Behavior), Cybersecurity and Biometrics, Social Dynamics, Natural Language Processing and Artificial Intelligence.

Onesecure Asia

Onesecure Asia

ONESECURE Asia’s expertise and services are built around its mission to provide reliable, robust and scalable technology solutions to cater for its customers’ needs.

Tentacle

Tentacle

Tentacle has developed a configurable data management tool that helps organizations to improve their information security programs and overall security posture.

Space Hellas

Space Hellas

Space Hellas is a dynamic, established System Integrator and Value Added Solutions Provider, holding a leading position in the high technology arena.

Merlin Ventures

Merlin Ventures

Merlin Ventures is a strategic investor focused on driving growth and value for cybersecurity software companies with market-leading potential.

Digital & Intelligence Service (DIS) - Singapore

Digital & Intelligence Service (DIS) - Singapore

DIS is the fourth Service of the SAF, here to defend and dominate in the digital domain, and achieve peace and security for our land.