FBI: Nation-State Actors Have Breached Two US Municipalities (zdnet.com)
Nation-state hackers breached the networks of two US municipalities last year, the FBI said in a security alert sent to private industry partners last week. An anonymous reader writes: The hacks took place after attackers used the CVE-2019-0604 vulnerability in Microsoft SharePoint servers to breach the two municipalities' networks. The FBI says that once attackers got a foothold on these networks, "malicious activities included exfiltration of user information, escalation of administrative privileges, and the dropping of webshells for remote/backdoor persistent access." "Due to the sophistication of the compromise and Tactics, Techniques, and Procedures (TTPs) utilized, the FBI believes unidentified nation-state actors are involved in the compromise," the agency said in its security alert. The FBI could not say if both intrusions were carried out by the same group. The agency also did not name the two hacked municipalities; however, it reported the two breaches in greater detail, listing the attackers' steps in each incident.
Is there something more? (Score:2)
Because honestly that just sounds like a typical web server compromise, not something that automatically indicates a nation state. The process described sounds almost exactly like what happened to a former manager who made the mistake of saying nobody could get into his "stuff" and happened to be running a vulnerable image gallery application.
Re: (Score:2)
highlighting these cases and saying it believes they're by nation states for a reason, rather than idiocy.
Well, it could also be that some non-nation-state actors have recently risen above their expectations.
The problem is it's just expressed as an opinion or belief; they don't give enough to show whether it's merely an educated guess based on past trends and experience, or whether there's something that indicates with a much higher level of confidence that a huge investment was made / something beyond the
Re: (Score:2)
"It's reasonable to assume it's highlighting these cases and saying it believes they're by nation states for a reason, rather than idiocy."
I'm not as willing to assume competence on the part of the FBI as you seem to be, but if you stop at the comma I think that is well stated. It is reasonable to assume they are highlighting cases and saying they believe they're by nation states for a reason; it's entirely possible that reason is political and the objective is generating FUD.
Competence and sophistication aren't
Re: (Score:2)
Honestly, I just don't understand why anyone uses MS stuff anymore for anything.... Seems it's always their software that is the problem.
Probably because that's what their consultants built for them. Many, and probably most, municipal entities have little to no in-house IT skills, which causes them to just outsource some or all of their IT needs. Unfortunately, they're no better at spec writing either. Then there's the people who only just think they can do it themselves... which leads to the following hilarity: https://www.theregister.co.uk/... [theregister.co.uk]
Re: (Score:2)
> Then there's the people who only just think they can do it themselves...
I'm not sure if that is sad, funny, or both.
The best part was this stupidity ...
So using Word and Excel counts as computer systems engineering? /s *ba dum tsh*
"Nation-state" buzzword? (Score:2)
Was it Iceland? Japan? Maldives?
How does one determine that it was one of the countries based on nation vs another type of a state? (Israel, USA, India...)
Re: (Score:2)
I'm also tiring of the Tom Clancy style of reporting these intrusions. For one, it's just aggrandizing criminal behavior. But also I think it gives some government departments the excuse for not performing basic IT security. The idea being that if the elite hackers in China & North Korea have targeted the Hazard County sheriff's office, there's not much that can be done.
The one thing the Feds should be doing is running a pen testing department in the FBI just targeting state and local systems. Then the Fed
Re: (Score:2)
Interesting examples. India, like most states that aren't based on nations, is based on empirical conquest, first by the Mughal Empire, then the English got involved. So that makes sense.
The US is of course the big example of a state that's not based on a nation OR an empire (aka American Exceptionalism) so THAT makes sense.
The whole point of creating modern Israel was that the Jewish nation didn't have a state. So Israel seems like very much a nation-state to me. It's very much the Jewish state.
Re: (Score:2)
What do you consider England? England and Wales (often grouped together)?
Re: (Score:2)
Not that I know their history, but they seem to be separate nations - Welsh is a separate language, for example.
They are currently one state, moving toward separation recently.
A key parameter for statehood is control of territory - do you control who comes into that territory. Wales does not have separate immigration policy. The other key requirement is sovereignty - no other country tells you what to do. Wales is, as I understand it, under the control of the London parliament, able to act independently
Just two? (Score:2)
Those Pesky Nation States (Score:1)
As a voter... (Score:2)
IMPOSSIBLE! (Score:3)
How could they have breached our most secure and sacred technology?! SharePoint, holy be thy name, why hath thou forsaken us?! Who could have possibly predicted a Microsoft program could be used to breach Windows systems?!
Is NOTHING sacred anymore?! ;)
Microsoft Windows strikes again (Score:2)
“Four aspx webshells, all of which appeared to be variants of commonly available or open-source [zdnet.com] webshells, were uploaded to the compromised SharePoint server and”