Russian hackers behind SolarWinds hack are trying to infiltrate gov networks
The Russian hackers behind a successful 2020 breach of US federal agencies have in recent months tried to infiltrate US and European government networks.
The Russian group has breached multiple technology firms in previously unreported activity, said Charles Carmakal, senior vice president and CTO at cybersecurity firm Mandiant.
The hackers have also used new tools and techniques in some of their operations this year, Carmakal said.
"The group has compromised multiple government entities, organizations that focus on political and foreign policy matters, and technology providers that provide direct or indirect access to the ultimate target organizations within North America and Europe," Carmakal told.
He declined to identify the technology providers.
It's unclear what data, if any, the hackers accessed. But the activity is a reminder of the challenge facing the Biden administration as it tries to blunt efforts by America's top digital adversaries to access sensitive government data.
A US official familiar with the matter told that federal agencies are tracking the latest actions of the Russian hackers.
"The issue has come up in recent National Security Council meetings," said the official, who spoke on the condition of anonymity.
The Russian group is best known for using tampered software made by federal contractor SolarWinds to breach at least nine US agencies in activity that came to light in December 2020. The attackers were undetected for months in the unclassified email networks of the departments of Justice, Homeland Security and others, and it was FireEye, Mandiant's former parent firm, not a government agency, that discovered the hacking campaign.
The Biden administration in April attributed the spying campaign to Russia's foreign intelligence service, the SVR, and criticized Moscow for exposing thousands of SolarWinds customers to malicious code. Moscow has denied involvement.
Homeland Security Secretary Alejandro Mayorkas in March said that US cybersecurity defenses must be quicker in detecting future espionage efforts. "Our government got hacked last year and we didn't know about it for months," Mayorkas said in a speech, referring to the SolarWinds incident.
To that end, DHS' Cybersecurity and Infrastructure Security Agency (CISA) has pledged to spend some of the $650 million it received from the American Rescue Plan earlier this year on new security tools to detect threats. The Biden administration has also instituted mandatory security standards for US government contractors. Deputy Attorney General Lisa Monaco said Wednesday that the Justice Department would use its "civil enforcement tools to pursue companies -- those who are government contractors or receive federal funds -- when they fail to follow required cybersecurity standards."
Cat and mouse game
For US agencies, it could be a cat and mouse game attempting to detect the Russian operatives. They are professionals -- the likes of which are employed by top US and Chinese spy agencies -- with a mission to collect intelligence on government targets, analysts say. That means they develop new hacking tools when other ones are exposed.
Starting in April, if not earlier, the Russian group was using a new piece of malicious software to "remotely exfiltrate sensitive information" from targeted organizations' computer servers, Microsoft said in a September 27 blog post.
Microsoft declined to comment on where the targeted organizations are located or what sectors they are in. But other security specialists say they've been responding to digital intrusions associated with the broad group of hackers that Washington blamed for the SolarWinds breaches.
"They're constantly active," Adam Meyers, senior vice president of intelligence at security firm CrowdStrike, said of the Russian group. "I think the public reporting represents ... when we catch them and when we see what they're up to."
CrowdStrike last month found malicious code in a customer network that Meyers said was likely deployed by Cozy Bear, a Russian group that overlaps with the one tracked by Microsoft. Meyers declined to elaborate on the incident.
The National Security Agency, FBI, CISA, and the Office of the Director of National Intelligence declined to comment for this story.
Gen. Paul Nakasone, who heads the NSA and US Cyber Command, on Tuesday said that US agencies worked well with Mandiant to cut short the Russian espionage campaign exploiting SolarWinds.
"The SolarWinds incident, I think, was really a turning point for our nation," Nakasone said at the Mandiant Cyber Defense Summit in Washington. "We were able to expose a significant intrusion by a foreign adversary that was trying to do our nation harm."