Hackers of SolarWinds Stole Data On US Sanctions Policy, Intelligence Probes (reuters.com)
An anonymous reader writes: The suspected Russian hackers who used SolarWinds and Microsoft software to burrow into U.S. federal agencies emerged with information about counter-intelligence investigations, policy on sanctioning Russian individuals and the country's response to COVID-19, people involved in the investigation told Reuters. The hacks were widely publicized after their discovery late last year, and American officials have blamed Russia's SVR foreign intelligence service, which denies the activity. But little has been disclosed about the spies' aims and successes. [...] It has been previously reported that the hackers breached unclassified Justice Department networks and read emails at the departments of treasury, commerce and homeland security. Nine federal agencies were breached. The hackers also stole digital certificates used to convince computers that software is authorized to run on them and source code from Microsoft (MSFT.O) and other tech companies. One of the people involved said that the exposure of counter-intelligence matters being pursued against Russia was the worst of the losses.
In an annual threat-review paper released on Thursday, Microsoft said the Russian spies were ultimately looking for government material on sanctions and other Russia-related policies, along with U.S. methods for catching Russian hackers. Cristin Goodwin, general manager of Microsoft's Digital Security Unit, said the company drew its conclusions from the types of customers and accounts it saw being targeted. In such cases, she told Reuters, "You can infer the operational aims from that." Others who worked on the government's investigation went further, saying they could see the terms that the Russians used in their searches of U.S. digital files, including "sanctions."
Chris Krebs, the former head of U.S. cyber-defense agency CISA and now an adviser to SolarWinds and other companies, said the combined descriptions of the attackers' goals were logical. "If I'm a threat actor in an environment, I've got a clear set of objectives. First, I want to get valuable intelligence on government decision-making. Sanctions policy makes a ton of sense," Krebs said. The second thing is to learn how the target responds to attacks, or "counter-incident response," he said: "I want to know what they know about me so I can improve my tradecraft and avoid detection."
If the NSA can hack windows... (Score:5, Insightful)
Or, maybe I am just stupid.
Re:If the NSA can hack windows... (Score:4, Insightful)
FTFY:
Quit using SaaS and the cloud for secure government work.
Re: (Score:2)
Having a computer geek as a prime minister for the last year and a half has had its effect. No more excuses. What failed for the last 20 years, succeeded in 1.5. Total defenestration. It's Astra Linux (militarized Debian with Red-Book like data copy control) everywhere. Even Vlad's desk (yes, that's the abominable Unity and Yandex Linux beta in front of him): https://www.youtube.com/watch?... [youtube.com]
On a more serious note, we live in democracies wher
Re: If the NSA can hack windows... (Score:2)
Maybe it should be "quit using computers". I remember reading that Russia goes with typewriters for anything truly important, distributing paper copies to those with a need to know, so that only the less important stuff is in hackable electronic formats, which then range from air-gapped boxes all the way down to SaaS.
It's always Russia (Score:5, Insightful)
or China, or whichever s00p3r 3vil hacker group that gets singled out for those attacks.
How about investigating Microsoft's sloppiness for a change? Or the soft in the heads who decided it was a good idea to contract them for sensitive government contracts?
Re: (Score:2)
1. Do they have this information already? Yes they do. The whole sanction pipeline originates in their so called "opposition" as well as several well known "think tanks" which have collected the sourest grapes out of their diaspora. They have double-agented and hacked this collection of servile lapdogs on USA, British and lately German salaries for years. All of their data is regularly dumped to Olgino(*) for analysis and there is nothing about incoming sanctions which is surprising to t
Re: (Score:3)
Microsoft's sloppiness? They aren't running the show when it comes to SolarWinds software. I know it's usually easy (and justified) to point fingers at them. Although in this case they were a SolarWinds customer, so they got dinged. Just as many larger organizations did as customers using the compromised SolarWinds software.
Re: (Score:2)
Microsoft's sloppiness? They aren't running the show when it comes to SolarWinds software. I know it's usually easy (and justified) to point fingers at them. Although in this case they were a SolarWinds customer, so they got dinged. Just as many larger organizations did as customers using the compromised SolarWinds software.
Well, sort of. If I understand correctly, the group behind the hack was using an MFA bypass for Microsoft Exchange servers so they could read emails and use them to break into systems. In any case, they were bypassing MFA on Microsoft systems, so although Microsoft was hacked via SolarWinds, SolarWinds themselves were hacked via a Microsoft bug.
Re: (Score:2)
Hmm, I was under the impression that hackers gained access to SolarWinds' network, so in turn they had access to the source code repositories for the SolarWinds Orion software (https://whatis.techtarget.com/feature/SolarWinds-hack-explained-Everything-you-need-to-know), which is used for infrastructure monitoring.
You are 100% correct in that Microsoft Exchange has had several gaping security holes recently that bad actors were actively exploiting like wild. Two different subjects, however.
Amusing game (Score:1)