Report says Russian hackers haven’t eased spying efforts


A file photo of the Kremlin in Moscow. — AP

WASHINGTON: The elite Russian state hackers behind last year’s massive SolarWinds cyberespionage campaign hardly eased up this year, managing plenty of infiltrations of US and allied government agencies and foreign policy think tanks with consummate craft and stealth, a leading cybersecurity firm reported on Dec 6.

On the anniversary of the public disclosure of the SolarWinds intrusions, Mandiant said the hackers associated with Russia’s SVR foreign intelligence agency continued to steal data “relevant to Russian interests” with great effect using novel, stealthy techniques that it detailed in a mostly technical report aimed at helping security professionals stay alert.

It was Mandiant, not the US government, that disclosed SolarWinds.

While the number of government agencies and companies hacked by the SVR was smaller this year than last, when some 100 organisations were breached, assessing the damage is difficult, said Charles Carmakal, Mandiant’s chief technical officer. Overall, the impact is quite serious. “The companies that are getting hacked, they are also losing information.”

“Not everybody is disclosing the incident(s) because they don’t always have to disclose it legally,” he said, which complicates damage assessment.

The Russian cyber spying unfolded, as always, mostly in the shadows as the US government was consumed in 2021 by a separate, eminently “noisy” and headline-grabbing cyber threat – ransomware attacks launched not by nation-state hackers but rather criminal gangs. As it happens, those gangs are largely protected by the Kremlin.

The Mandiant findings follow an October report from Microsoft that the hackers, whose umbrella group it calls Nobelium, continue to infiltrate the government agencies, foreign policy think tanks and other organisations focused on Russian affairs through the cloud service companies and so-called managed services providers on which they increasingly rely. Mandiant tips its hat to Microsoft’s threat researchers in the report.

Mandiant researchers said the Russian hackers “continue to innovate and identify new techniques and tradecraft” that let them linger in victim networks, hinder detection and confuse attempts to attribute hacks to them. In short, Russia’s most elite state-backed hackers are as crafty and adaptable as ever.

Mandiant did not identify individual victims or describe what specific information may have been stolen but did say unspecified “diplomatic entities” that received malicious phishing emails were among the targets.

Often, the researchers say, the hackers’ path of least resistance to their targets was cloud-computing services. From there, they used stolen credentials to infiltrate networks. The report describes how in one case they gained access to a victim’s Microsoft 365 system through a stolen session. And, the report says, the hackers routinely relied on advanced tradecraft to cover their tracks.

One clever technique discussed in the report illustrates the ongoing cat-and-mouse game that digital espionage entails. Hackers set up intrusion beachheads using IP addresses (the numeric designations that identify a device’s location on the Internet) that were physically located near the account they were trying to breach – in the same address block, say, as the person’s local Internet provider. That makes it highly difficult for security software to detect a hacker using stolen credentials while posing as someone accessing their work account remotely.
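The following is an added illustration of the detection problem just described; it is not from the AP article or from Mandiant’s report. It assumes a sign-in monitor that groups source addresses by /24 block and uses constructed sample events: a location-only check passes a sign-in from an address in the user’s familiar block, while correlating the same sign-in with the session identifier flags it.

```python
import ipaddress
from collections import defaultdict

# Constructed sample sign-in history (RFC 5737 documentation addresses):
# two normal sign-ins from the user's home ISP block, all on one known session.
HISTORY = [
    {"user": "alice", "ip": "203.0.113.17", "session": "sess-home-1"},
    {"user": "alice", "ip": "203.0.113.17", "session": "sess-home-1"},
]

# Constructed new events: one from the same /24 block as the home ISP but
# carrying an unrecognised session, one from an unrelated network.
PROXIMITY_LOGIN = {"user": "alice", "ip": "203.0.113.42", "session": "sess-new-99"}
DISTANT_LOGIN = {"user": "alice", "ip": "198.51.100.5", "session": "sess-new-77"}


def block_of(ip, prefixlen=24):
    """Return the /prefixlen network containing ip (assumed grouping granularity)."""
    return ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)


def build_baseline(events):
    """Per-user sets of familiar network blocks and of previously seen session ids."""
    nets, sessions = defaultdict(set), defaultdict(set)
    for e in events:
        nets[e["user"]].add(block_of(e["ip"]))
        sessions[e["user"]].add(e["session"])
    return nets, sessions


def location_only_verdict(login, nets):
    """Naive check: allow anything that comes from a familiar network block."""
    return "allow" if block_of(login["ip"]) in nets[login["user"]] else "alert-unfamiliar-network"


def correlated_verdict(login, nets, sessions):
    """Familiar-block sign-ins still alert when the session id has never been seen."""
    if block_of(login["ip"]) not in nets[login["user"]]:
        return "alert-unfamiliar-network"
    if login["session"] not in sessions[login["user"]]:
        return "alert-new-session-from-familiar-network"
    return "allow"


def evaluate(login):
    """Run both checks against the constructed baseline and return their verdicts."""
    nets, sessions = build_baseline(HISTORY)
    return location_only_verdict(login, nets), correlated_verdict(login, nets, sessions)
```

Running `evaluate(PROXIMITY_LOGIN)` shows the naive check allowing the sign-in and the correlated check alerting; `evaluate(DISTANT_LOGIN)` alerts under both.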

The SolarWinds hack exploited vulnerabilities in the software supply-chain system and went undetected for most of 2020 despite compromises at a broad swath of US federal agencies – including the Justice Department – and dozens of companies, primarily telecommunications and information technology providers and including Mandiant and Microsoft.

The hacking campaign is named SolarWinds after the US software company whose product was exploited in the first-stage infection of that effort. The Biden administration imposed sanctions last April in response to the hack, including against six Russian companies that support the country’s cyber efforts. – AP
