Researchers Find Links Between SolarWinds Campaign and Tools Used by Russian Hackers
Federal investigators still can’t say with certainty who was behind the recent hacking campaign that compromised countless government agencies and private companies. But cybersecurity researchers say they’ve found evidence linking tools used in the months-long espionage campaign to malware used by Russian cyber operators….
Sen. Warner Says U.S. ‘Underestimate[s] and Underreport[s]’ on Russian Hacks Following SolarWinds Breach
A Senate Democrat who has been a top backer of cybersecurity and intelligence policies accused the Trump administration of “watering down” Russia’s responsibility for the SolarWinds breach and warned that the hackers had compromised several high-profile victims that remain unidentified. Mark Warner, who as Vice-chair of the Senate Intelligence Committee spearheaded a five-volume report on the 2016 Russian election interference campaign, called that statement “one more outrageous effort to underestimate and underreport on Russian activity…”
The SolarWinds Hack and the Perils of Attribution
On Tuesday, a multi-agency task force stood up by the U.S. National Security Council to investigate and respond to the SolarWinds compromise issued a statement alleging that hackers “likely Russian in origin” were behind the intrusion, offering the first official indication that the government believes the attacks were ordered by the Kremlin. But nearly a month after the compromise was first detected, none of the private security companies that are leading the investigation into the intrusions—and often provide the forensic data necessary to identify the perpetrators behind state-sponsored cyber-campaigns—have pinned the blame on a specific group….
Spyware Attack Targeting Dozens of Journalists Used Pernicious Zero-Click Exploit, Researchers Say
The mobile phones of dozens of employees at news outlet Al Jazeera were hacked using a stealthy ‘zero-click’ exploit developed by NSO Group, a heavily scrutinized Israeli commercial spyware vendor, according to a new report by researchers at Citizen Lab. The security research group associated with the University of Toronto said that the 36 journalists identified in their report likely represent a “minuscule fraction” of the total victims of the company’s spyware given the size of NSO Group’s customer base and the reach of the vulnerability, which affects iPhones prior to the iOS 14 update that was released this fall and included several security enhancements….
Ridding Hackers From Government Networks Will Be “Highly Complex and Challenging,” CISA Warns
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency on Thursday issued its most urgent and detailed alert yet about the hacking campaign that has rocked government agencies and technology firms in recent days, saying that it “poses a grave risk” to federal and state governments, critical infrastructure entities, and private sector organizations. Additionally, CISA said it has evidence of additional attack vectors other than the SolarWinds Orion platform. CISA said it is still investigating the additional attack vectors, and that the attacker is likely using tactics, techniques, and procedures that have not yet been discovered…
Dutch Intelligence Expels Two Russian Diplomats Over Espionage Accusations
The Netherlands’ on Thursday ordered the expulsion of two Russian intelligence officers accused of spying on the country’s high-tech sector and targeting research that could potentially be used in weapons systems, the country’s national intelligence agency said. The Netherlands’ General Intelligence and Security Service, known as AIVD, said that diplomats stationed at the Russian Embassy in The Hague were officers working for the SVR, the Russian civil intelligence agency that was recently reported to be implicated in a high-profile cyberattack against FireEye…
What We Know So Far About the FireEye Breach—and Why It Matters
On Tuesday afternoon, cybersecurity firm FireEye announced what is likely one of the most significant cyberattacks of 2020—with itself as the victim. The attack was notable not just because the fallout could be immense, but because it required a brazenness and skill that only the most sophisticated hacking groups could pull off. Details will likely emerge as the FBI, FireEye, and its partners investigate the incident, but here’s what we know already…
CISA, FBI Warn of Foreign Cyberattacks Targeting U.S. Think Tanks
The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency on Tuesday alerted U.S. think tanks of “persistent continued cyber intrusions” from advanced persistent threat groups. Several individuals who work at think tanks, including Neera Tanden, the president of the Center for American Progress who was recently announced to be Joe Biden’s pick to lead the Office of Management and Budget, have already been tapped to join the new administration….
Cyber-Espionage Attacks Disproportionately Target These Industries
Industries frequently targeted by financially-motivated cybercriminals, such as banks and healthcare organizations, are a low priority for attackers engaged in espionage, a new report from Verizon suggests. These attackers, typically linked to nation states, instead focus their efforts on industries that hold data like trade secrets, blueprints and classified government documents…
Ukraine’s Top Cyber Cop on Defending Against Disinformation and Russian Hackers
In recent years, Ukraine has become an involuntary testing ground for some of the most dangerous cyberweapons in the world. Serhii Demediuk has perhaps played the most prominent role in defending Ukraine against digital intrusions, investigating cyberattacks and the groups behind them, and strengthening the country’s capabilities in cyberspace….