Evidence Emerging About Cyber Attacks On US Government

Uploaded on 2021-01-20 in TECHNOLOGY--Hackers, INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

Hackers believed to be working for the Russian government have been reading internal email traffic at the US Treasury and Commerce Departments. Analysts at Kaspersky have now found evidence that suggests that Russia was behind the damaging widespread cyber attacks on the US referred to as 'Sunburst' and this investigation will likely reveal that many more hacks have been going on. The Moscow-based cyber security company has reported that some of the malicious code used recently in cyber-attacks on the US government is very similar code previously used by Russian hackers.

This clearly suggests that Russian state-sponsored hackers were behind the biggest cyber espionge attack against the government in years, affecting 18,000 users of software produced by SolarWinds, including US government agencies and some overseas locations. However, Kaspersky has cautioned that the code similarities do not always confirm that the same group is behind similar attacks as other groups can mimic and use similar coding.

According to some findings, Sunburst was used to communicate with a server controlled by the hackers  and that this resembled another hacking tool called Kazuar previously associated with the Russian Turla hacking group, known for attacks on EU government institutions. 

US intelligence agencies recently released a joint statement accusing Moscow of launching the attack, which they said was “ongoing” more than a month after being made public. Moscow has denied responsibility. Sunburst methods allowed the hackers to receive reports on infected computers and then they could attack those computers and take information and secure data from them.  Of  the 18,000 infected machines only, a few was highly targeted.

Kaspersky analysts found that functions that kept the malware dormant appeared to have links to Kazuar, which was reported by Palo Alto's Unit42 research team in 2017. 

The Kaspersky investigators said there could be other explanations for the coding overlap besides Turla being behind the SolarWinds attack. It is possible the attackers were “inspired” by the Kazuar code; that both groups obtained their malware from the same source; that a former member of Turla brought the code to a new team; or that the code was used as a “false flag”, deployed in the attack specifically to attract blame against Turla and implicate Moscow.

FireEye has also uncovered a widespread campaign. The actors behind this campaign gained access to numerous public and private organisations around the world. They could focus on targets via trojanised updates to SolarWinds’s Orion IT software. This campaign may have begun as early as Spring 2020 and is the work of a highly skilled actor with the operation conducted with significant operational security.

Reuters:        SecureList:    FireEye:      Unit42:        Guardian

You Might Also Read:

Spies In Cyberspace:

 

« British Police Launch CyberAlarm
The Most Important Technologies For 2021 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IPVanish

IPVanish

IPVanish has its roots in over 15 years of network management, IP services, and content delivery services. Now we're bringing these finely honed skills to VPN.

Avatu

Avatu

Avatu specialise in providing clients the advice, technology and tools they need to fight cyber and insider threats.

Source Defense

Source Defense

Source Defense provides websites with the first ever prevention technology for attacks of third-party origin.

Virgil Security

Virgil Security

Virgil Security provides easy-to-deploy and easy-to-use cryptographic software and services for use by developers and end-users.

Arete

Arete

Arete is a global cyber risk company whose mission is to transform the way organizations prepare for, respond to, and prevent cybercrime.

Georgia Cyber Center

Georgia Cyber Center

Georgia Cyber Center is dedicated to training the next generation of professionals through education and real-world practice while also supporting innovation in new technologies for online defenses.

Cyber Security Challenge UK

Cyber Security Challenge UK

Cyber Security Challenge UK is a series of national competitions, learning programmes, and networking initiatives designed to identify, inspire and enable more people to become cybersec professionals.

CyberScotland

CyberScotland

The CyberScotland Partnership is a collaboration of key strategic stakeholders, brought together to focus efforts on improving cyber resilience across Scotland in a coordinated and coherent way.

Xscale Accelerator

Xscale Accelerator

Xscale's vision is to create world-class startups out of India by transforming sales and providing access to global markets.

Persona

Persona

At Persona, we’re humanizing online identity by helping companies verify that their users are who they say they are.

Creative Destruction Lab (CDL)

Creative Destruction Lab (CDL)

Creative Destruction Lab is a nonprofit organization that delivers an objectives-based program for massively scalable, seed-stage, science- and technology-based companies.

iSPIRAL IT Solutions

iSPIRAL IT Solutions

iSPIRAL is a leading regulatory technology software provider delivering state-of-art AML, KYC, Risk and Compliance solutions.

Digital Security by Design (DSbD)

Digital Security by Design (DSbD)

Digital Security by Design is an initiative supported by the UK government to transform digital technology and create a more resilient, and secure foundation for a safer future.

Metallic.io

Metallic.io

Metallic (formerly TrapX) is a SaaS portfolio for enterprise-grade backup and recovery, designed to protect your data from corruption, deletion, ransomware, and other threats.

Silicon Valley Cybersecurity Institute (SVCSI)

Silicon Valley Cybersecurity Institute (SVCSI)

SVCSI aims to investigate, develop, and promote technical excellence and the best security practices for dependable and secure systems and applications.

A&O Shearman

A&O Shearman

A&O Shearman is a law firm at the forefront of the forces changing the current of global business: energy transition, life sciences, technology, private capital, finance and beyond.