Evidence Emerging About Cyber Attacks On US Government

Hackers believed to be working for the Russian government have been reading internal email traffic at the US Treasury and Commerce Departments. Analysts at Kaspersky have now found evidence that suggests that Russia was behind the damaging widespread cyber attacks on the US referred to as 'Sunburst' and this investigation will likely reveal that many more hacks have been going on. The Moscow-based cyber security company has reported that some of the malicious code used recently in cyber-attacks on the US government is very similar code previously used by Russian hackers.

This clearly suggests that Russian state-sponsored hackers were behind the biggest cyber espionge attack against the government in years, affecting 18,000 users of software produced by SolarWinds, including US government agencies and some overseas locations. However, Kaspersky has cautioned that the code similarities do not always confirm that the same group is behind similar attacks as other groups can mimic and use similar coding.

According to some findings, Sunburst was used to communicate with a server controlled by the hackers  and that this resembled another hacking tool called Kazuar previously associated with the Russian Turla hacking group, known for attacks on EU government institutions. 

US intelligence agencies recently released a joint statement accusing Moscow of launching the attack, which they said was “ongoing” more than a month after being made public. Moscow has denied responsibility. Sunburst methods allowed the hackers to receive reports on infected computers and then they could attack those computers and take information and secure data from them.  Of  the 18,000 infected machines only, a few was highly targeted.

Kaspersky analysts found that functions that kept the malware dormant appeared to have links to Kazuar, which was reported by Palo Alto's Unit42 research team in 2017. 

The Kaspersky investigators said there could be other explanations for the coding overlap besides Turla being behind the SolarWinds attack. It is possible the attackers were “inspired” by the Kazuar code; that both groups obtained their malware from the same source; that a former member of Turla brought the code to a new team; or that the code was used as a “false flag”, deployed in the attack specifically to attract blame against Turla and implicate Moscow.

FireEye has also uncovered a widespread campaign. The actors behind this campaign gained access to numerous public and private organisations around the world. They could focus on targets via trojanised updates to SolarWinds’s Orion IT software. This campaign may have begun as early as Spring 2020 and is the work of a highly skilled actor with the operation conducted with significant operational security.

Reuters:        SecureList:    FireEye:      Unit42:        Guardian

You Might Also Read:

Spies In Cyberspace:

 

« British Police Launch CyberAlarm
The Most Important Technologies For 2021 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MarQuest

MarQuest

MarQuest provides services and systems to enhance network reliability and security.

CloudSigma

CloudSigma

CloudSigma, a pure-cloud IaaS provider offers flexible and innovative cloud hosting solutions for companies of all sizes both in Europe and the US.

Cyber Essentials

Cyber Essentials

Cyber Essentials is a UK government-backed, industry supported scheme to help organisations protect themselves against common cyber attacks.

KayHut

KayHut

KayHut is a young, innovative company engaged in cyber research and security solutions.

RedSeal

RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events.

Abusix

Abusix

Abusix specializes in Internet security, network abuse handling, antispam and fraud prevention.

Digital Management (DMI)

Digital Management (DMI)

DMI is a provider of mobile enterprise, business intelligence and cybersecurity services.

CloudVector

CloudVector

CloudVector's API Detection & Response platform is the only API Threat Protection solution that goes beyond the gateway to provide Shadow API Prevention and Deep API Risk Monitoring and Remediation.

Eurofins Cyber Security

Eurofins Cyber Security

Eurofins Digital Testing is a global leader in end-to-end Quality Assurance and cyber security.

ClubCISO

ClubCISO

ClubCISO is a community of peers, working together to help shape the future of the information security profession by facilitating independent discussion on data security and cyber resilience.

AML Global Solutions (AMLGS)

AML Global Solutions (AMLGS)

AMLGS delivers Financial Crime prevention training programmes and consultancy services encompassing Anti-Money Laundering (AML), Counter Terrorism Financing (CTF), Bribery & Corruption and Fraud.

Worldr

Worldr

Worldr solves security and data protection in team communication, without compromising usability, allowing professionals to communicate and collaborate securely and seamlessly.

Delinea

Delinea

Delinea is a leading provider of cloud-ready privileged access management (PAM) solutions that empower cybersecurity for the modern, hybrid enterprise.

Nanitor

Nanitor

Nanitor is a powerful cybersecurity management platform focusing on hardening security fundamentals across your global IT infrastructure.

Lumifi

Lumifi

Lumifi provide end-to-end cybersecurity resilience solutions with a specialty in managed detection and response (MDR) services.

Zitec

Zitec

One of Europe's largest and most prominent full-cycle software development services companies, Zitec is the digital transformation partner to companies in the EU, UK, USA, Canada and ME.