
SolarWinds Hackers are not ‘back’. They never went away


The Russian hackers who breached SolarWinds IT management software to compromise numerous U.S. government agencies and businesses are once again in the spotlight. Microsoft said on Thursday that the same “Nobelium” spy group has been running an aggressive phishing campaign since January of this year, one that ramped up significantly this week, targeting about 3,000 people in more than 150 organizations in 24 countries.

The revelation caused a stir, highlighting Russia’s ongoing and tougher digital espionage campaign. But it shouldn’t be at all shocking that Russia in general, and the SolarWinds hackers in particular, have continued to spy. The US imposed retaliatory sanctions in April. And compared with SolarWinds, this looks like a completely ordinary phishing campaign.

“I don’t think it’s increasing, I think it’s the usual way,” says John Hultquist, vice president of intelligence at the security company FireEye, which first found the SolarWinds intrusions. “I don’t think they’re deterred and I don’t think it’s likely that they’ll be deterred.”

Russia’s latest campaign is worth calling out. Nobelium compromised legitimate accounts on the bulk email service Constant Contact, including that of the United States Agency for International Development. From there the hackers, allegedly members of Russia’s foreign intelligence agency, the SVR, could send specially crafted emails that genuinely came from the organization’s email accounts. The emails contained legitimate links that then redirected to malicious Nobelium infrastructure and installed malware to take control of target devices.

The number of targets seems large, and although USAID works with many people in sensitive positions, the actual impact may not be as severe as it first sounds. While Microsoft acknowledges that some messages got through, the company says automated spam systems blocked many of the phishing messages. Tom Burt, Microsoft’s vice president of customer safety and trust, wrote in a blog post on Thursday that the company sees the activity as “sophisticated,” and that Nobelium has evolved and refined its campaign strategy in the run-up to this week’s targeting.

“It is likely that these observations may have led to changes in the actor’s traditional craftsmanship and possible experimentation after the news of previous events spread,” Burt wrote. In other words, this could be a pivot after the group’s SolarWinds cover was blown.

But the tactics of this latest phishing campaign also reflect Nobelium’s general practice of establishing access to one system or account and then using it to gain access to others and jump to multiple targets. It is a spy agency; this is what it does as a matter of course.

“If SolarWinds had happened before, we wouldn’t have thought about it. The context of SolarWinds takes us in a different direction,” says Jason Healey, a former Bush White House staffer and current cyber-conflict researcher at Columbia University. “I don’t think anyone is going to blink at me.”

Microsoft has noted that there is nothing unusual about Russian spies, and Nobelium in particular, targeting government agencies (USAID especially), NGOs, think tanks, research groups, or military and IT service contractors.

“NGOs and DC think tanks have been soft targets of great value for decades,” says a former cybersecurity consultant at the Department of Homeland Security. “And it’s an open secret in the world of incident response, that it’s a mess of subcontracted IT networks and infrastructure outsourced by USAID and the State Department. In the past, some of these systems were committed for years.”

Especially when compared to the reach and sophistication of the SolarWinds breach, an extended phishing campaign feels almost like a step down. It should also be remembered that the effects of SolarWinds continue; even after a month of publicity about the event, it is likely that Nobelium still lingers on at least some of the systems that were compromised in that effort.

“I’m sure they’ve still gotten some access from the SolarWinds campaign,” says FireEye’s Hultquist. “The main focus of the activity has decreased, but it is likely to continue in several places.”

That is simply the reality of digital espionage. It doesn’t stop and start based on public shaming. Nobelium’s activity is certainly unwelcome, but it does not in itself amount to an escalation.

Additional reporting by Andy Greenberg.

