Evidence Emerging About Cyber Attacks On US Government

Uploaded on 2021-01-20 in TECHNOLOGY--Hackers, INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

Hackers believed to be working for the Russian government have been reading internal email traffic at the US Treasury and Commerce Departments. Analysts at Kaspersky have now found evidence that suggests that Russia was behind the damaging widespread cyber attacks on the US referred to as 'Sunburst' and this investigation will likely reveal that many more hacks have been going on. The Moscow-based cyber security company has reported that some of the malicious code used recently in cyber-attacks on the US government is very similar code previously used by Russian hackers.

This clearly suggests that Russian state-sponsored hackers were behind the biggest cyber espionge attack against the government in years, affecting 18,000 users of software produced by SolarWinds, including US government agencies and some overseas locations. However, Kaspersky has cautioned that the code similarities do not always confirm that the same group is behind similar attacks as other groups can mimic and use similar coding.

According to some findings, Sunburst was used to communicate with a server controlled by the hackers  and that this resembled another hacking tool called Kazuar previously associated with the Russian Turla hacking group, known for attacks on EU government institutions. 

US intelligence agencies recently released a joint statement accusing Moscow of launching the attack, which they said was “ongoing” more than a month after being made public. Moscow has denied responsibility. Sunburst methods allowed the hackers to receive reports on infected computers and then they could attack those computers and take information and secure data from them.  Of  the 18,000 infected machines only, a few was highly targeted.

Kaspersky analysts found that functions that kept the malware dormant appeared to have links to Kazuar, which was reported by Palo Alto's Unit42 research team in 2017. 

The Kaspersky investigators said there could be other explanations for the coding overlap besides Turla being behind the SolarWinds attack. It is possible the attackers were “inspired” by the Kazuar code; that both groups obtained their malware from the same source; that a former member of Turla brought the code to a new team; or that the code was used as a “false flag”, deployed in the attack specifically to attract blame against Turla and implicate Moscow.

FireEye has also uncovered a widespread campaign. The actors behind this campaign gained access to numerous public and private organisations around the world. They could focus on targets via trojanised updates to SolarWinds’s Orion IT software. This campaign may have begun as early as Spring 2020 and is the work of a highly skilled actor with the operation conducted with significant operational security.

Reuters:        SecureList:    FireEye:      Unit42:        Guardian

You Might Also Read:

Spies In Cyberspace:

 

« British Police Launch CyberAlarm
The Most Important Technologies For 2021 »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

HackLabs

HackLabs

HackLabs is a penetration testing company providing services for network security, web application security and social engineering testing.

VdS

VdS

VdS is an independent safety and security testing institution. Cybersecurity services include standards, audit/assessment and certification for SMEs.

Maverick Technologies

Maverick Technologies

Maverick is an industrial automation, enterprise integration and operational consulting company. Services include industrial cyber security.

CyberStream

CyberStream

CyberStream, a division of the TechStream Group, is an information & cybersecurity talent acquisition solution provider.

Wipe-Global

Wipe-Global

Wipe-Global is specialized in data erasure with an international established service partner network.

Sky Republic

Sky Republic

Sky Republic offers a Smart Contract Platform to integrate and synchronize business networks beyond EDI and API.

ProSearch Partners

ProSearch Partners

ProSearch Partners are national talent acquisition specialists exclusively focussing on Technology and Digital talent including Cybersecurity, Data Analytics and Execs.

BrandShelter

BrandShelter

BrandShelter specializes in providing online brand protection for companies and trademark owners.

N8 Identity

N8 Identity

N8 Identity helps organizations realize the vision of Autonomous Identity Governance™ with AI-driven Identity solutions.

Advantex Network Solutions

Advantex Network Solutions

Advantex Network Solutions are a leading provider in Mitel, IT Solutions, Networking, and iP surveillance.

Sayers

Sayers

Sayers is best known for its ability to solve business challenges with IT solutions. Our areas of expertise include cloud, storage, virtualization, security, mobility and networking.

iomart Group

iomart Group

iomart is a cloud computing and IT managed services business providing secure hybrid cloud, network connectivity, data management, and digital workplace capability.

Illustria

Illustria

Illustria is your agent-less “watchdog” for all open source libraries. Our mission is becoming a dev-velocity company, enabled via cyber security.

Barquin Solutions

Barquin Solutions

Barquin Solutions is a full-service information technology consulting firm focused on supporting U.S. federal government agencies and their partners.

Zanutix Consulting

Zanutix Consulting

Zanutix specialize in a wide range of services including Network Design and Implementation, Data Management, Cloud Solutions, Software Development and Cybersecurity.

Straiker

Straiker

Straiker's AI-native security platform is designed to protect enterprise AI applications and autonomous agents from evolving threats through automated assessment and runtime guardrails.