United States Security

Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say (wsj.com)

Investigators probing a massive hack of the U.S. government and businesses say they have found concrete evidence the suspected Russian espionage operation went far beyond the compromise of the small software vendor publicly linked to the attack. From a report: Close to a third of the victims didn't run the SolarWinds software initially considered the main avenue of attack for the hackers, according to investigators and the government agency digging into the incident. The revelation is fueling concern that the episode exploited vulnerabilities in business software used daily by millions [Editor's note: the link may be paywalled; alternative source]. Hackers linked to the attack have broken into these systems by exploiting known bugs in software products, by guessing online passwords and by capitalizing on a variety of issues in the way Microsoft cloud-based software is configured, investigators said.

Approximately 30% of both the private-sector and government victims linked to the campaign had no direct connection to SolarWinds, Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, said in an interview. The attackers "gained access to their targets in a variety of ways. This adversary has been creative," said Mr. Wales, whose agency, part of the U.S. Department of Homeland Security, is coordinating the government response. "It is absolutely correct that this campaign should not be thought of as the SolarWinds campaign." Corporate investigators are reaching the same conclusion. Last week, computer security company Malwarebytes said that a number of its Microsoft cloud email accounts were compromised by the same attackers who targeted SolarWinds, using what Malwarebytes called "another intrusion vector."

  • by bobcat7677 ( 561727 ) on Friday January 29, 2021 @04:42PM (#61006996)
    Thousands of old devs are all thinking "I told you so" right now. Microsoft security has always been problematic, including their cloud offerings. AWS was always superior in this area with their "security first" approach to cloud products. Microsoft just did whatever they had to for compliance and an appearance of security.
  • by oldgraybeard ( 2939809 ) on Friday January 29, 2021 @04:43PM (#61006998)
    The Cloud, compromised by design, secured with hope!
    • by rtb61 ( 674572 )

      This attack was far too effective, far too subtle, far too precise not to be a high-level insider-sourced attack. Somebody or somebodies made big money in an offshore tax haven being the source for the attack. In more than one corporation, participating, maybe even involved in this attack.

      When the hacks get really good, insider players become inevitable; basically, the attacks become greater than what outside players are able to achieve.

      The Russia angle, just a PR=B$ move to desperately try to untangle M

    • Cloudtastrophie! MS is worth lots, yet they do not spend money on security, as soon as they meet some perceived standard that allows customer lock-in. In IBM lingo, IBM secured z/OS with hardware memory keys. Intel introduced some pretty good hardware protections, but MS was too lazy to re-write parts of their OS that depended on that feature. Maybe because all the other software would also need re-writing with security first in mind. Moving to the cloud is just a platform move. There is no better or extra
  • by Ostracus ( 1354233 ) on Friday January 29, 2021 @04:59PM (#61007036)

    Something to think about. If all the big names can't secure things, what chance does the common person have?

    • by vinn01 ( 178295 )

      The common person doesn't have a VP of Technology with their lips firmly attached to the azz of Microsoft. There are far more secure options than Microsoft for every known MS product or service. Millions of common people use non-Microsoft products and services every day without problems, but the "big names" can't be bothered to use those products and services because of upper management resistance.

    • This is an example of why "big" is negative for security. If the payoff for subverting one individual is high enough, it is more likely to happen.
  • "Close to a third of the victims didn't run the SolarWinds software initially considered the main avenue of attack for the hackers..."

    So what? That just means that the hackers broke into a primary site, then used credentials stolen from THAT site to break into the next site.

    It's still a consequence of the SolarWinds break-in; just a target that took two steps to get to instead of one.

  • Well, both links are paywalled and I cannot read them, but this being Slashdot, who cares. No one reads them anyway.

    So, all I have to say is "Windows is bad, Mkay?"

    • by thomst ( 1640045 )

      jmccue complained:

      Well, both links are paywalled and I cannot read them, but this being Slashdot, who cares. No one reads them anyway.

      Not paywalled at all for me.

      Just enable cookies for Bloomberg domains. Forbidding 3rd party cookies everywhere else will deny them most of your data - and how concerned do you need to be about being tracked across Bloomberg's own domains, after all ... ?

    • https://archive.is/LrBbl [archive.is]

      This article is worth reading. I like the WSJ for a generally neutral perspective, with a few slip-ups here and there.

  • 100% windows so far.

    We are back to 2003 and 2011 again.
    • by vinn01 ( 178295 )

      It's 100% Microsoft. Mostly Microsoft cloud-based software.

      Not 100% Windows. There are some solid Windows-based apps. The most common way to hack the Windows OS is through email. Think about that for a minute. What should be among the simplest of applications is the source of countless security misery.

  • What are the chances this and others are just the NSA? After all, they have tens of thousands of staff; they must be doing something.
    • What are the chances this and others are just the NSA?

      A sophisticated state actor who managed to avoid detection? Definitely NSA, a similar organization, or a rogue group within them.

    • You're looking at it the wrong way. The NSA's specialty is recording everything. Whatever happens online they have a record. If they aren't talking it can easily mean they don't want to interfere with whatever machinations are going on. You won't see them pipe up when anyone blames the Russians.
      And if it's these guys [globes.co.il] nobody will say anything.

      • Of course the NSA is completely clean and honourable, just like their brothers the CIA, who also never did a bad thing in their life. Let's be honest here, the CIA are world champions at doing the same actions against others, many times innocent nothing countries, for over 70 years. All the labels being thrown at the Russian government could also be applied to the CIA, and we all have more than several examples of CIA guilt.
        • Snowden's leaks were NSA documents, so only the ignorant would call them clean. My argument stands though: whenever there is a claim about a large hack, check what the NSA says. They are the specialists in figuring out what happened. Usually they just keep quiet or they will put moderate confidence on others' claims, which means "it's possible, no comment".
          Looking back on it I do believe the NSA is a lot cleaner in general than the CIA. Maybe I should reevaluate that.

          • I was being sarcastic, I thought my mention of the CIA made this obvious. Wiki is full of examples of the CIA attacking countries in many ways far worse than today's "Russians" or "Chinese". Go ask half the countries in South America about America and the dictators, contras and so on. Repeat again for Asia, the Mid East, Africa and Europe.
      • Yes, Israel is quite the complete opposite to the crying bitch that is the USA. That still leaves 200 countries. We also know that the USA loves to cry; god knows how often the 9/11 thing is mentioned to this day, far more than what we see in other countries who are victims with far more dead on a far more regular basis.
  • According to an upcoming book [theguardian.com] by Craig Unger, the con artist was cultivated as a Russian asset for nearly 40 years. A former Russian spy helped with the book, describing how after the con artist married his first Eastern European wife, he became the target of a spying operation overseen by Czechoslovakia’s intelligence service in cooperation with the KGB.

    In 1987, when the con artist made his first visit to Moscow and St. Petersburg, he was fed KGB talking points and flattered by KGB operatives who flo

    • Fascinating post. One minor correction - the book (entitled American Kompromat) is not "upcoming". It's already out. I just ordered a copy from Amazon.
    • Mr Somers. We'll go back on the record. Were you aware that on or about September 7, 2016, the FBI received an investigative referral from the CIA regarding "US Presidential Candidate Hillary Clinton's approval of a plan concerning US Presidential Candidate Donald Trump and Russian hackers hampering US elections as a means of distracting the public from her use of a private email server?" SIA: I was aware, yes.
    • I agree with "Craig Unger, the con artist ".

  • Which could be anything unrelated, but hey, maybe they can sport off some more money to keep investigating.
    It is very understandable, but another intrusion vector is exactly what it is.
    Could be accounts with weak passwords and no MFA.

    MS has monitoring in place for this kind of thing.

    Do your admin job. I read "Security First" in this thread in relation to AWS. Yes that! We need more of that now.
