Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say (wsj.com)
Investigators probing a massive hack of the U.S. government and businesses say they have found concrete evidence the suspected Russian espionage operation went far beyond the compromise of the small software vendor publicly linked to the attack. From a report: Close to a third of the victims didn't run the SolarWinds software initially considered the main avenue of attack for the hackers, according to investigators and the government agency digging into the incident. The revelation is fueling concern that the episode exploited vulnerabilities in business software used daily by millions [Editor's note: the link may be paywalled; alternative source]. Hackers linked to the attack have broken into these systems by exploiting known bugs in software products, by guessing online passwords and by capitalizing on a variety of issues in the way Microsoft cloud-based software is configured, investigators said.
Approximately 30% of both the private-sector and government victims linked to the campaign had no direct connection to SolarWinds, Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, said in an interview. The attackers "gained access to their targets in a variety of ways. This adversary has been creative," said Mr. Wales, whose agency, part of the U.S. Department of Homeland Security, is coordinating the government response. "It is absolutely correct that this campaign should not be thought of as the SolarWinds campaign." Corporate investigators are reaching the same conclusion. Last week, computer security company Malwarebytes said that a number of its Microsoft cloud email accounts were compromised by the same attackers who targeted SolarWinds, using what Malwarebytes called "another intrusion vector."
It was only a matter of time (Score:3)
Re:It was only a matter of time (Score:4, Funny)
I'm guessing the Pentagon's contract with MS for their malware doesn't look like such a wise move now. Wasn't there some bozo who leaned on the Pentagon to drop Amazon? Who was that guy?
Re: (Score:2)
"No you don't get it, they're the GOOD soulless military-industrial corporation!"
Microsoft cloud email accounts were compromised (Score:5, Insightful)
Re: Microsoft cloud email accounts were compromise (Score:1)
Re: (Score:1)
Though this attack, far too effective, far too subtle, far too precise to not be a high level insider sourced attack. Somebody or Somebodies made big money in an offshore tax haven being the source for the attack. In more than one corporation, participating maybe even involved in this attack.
When the hacks get really good, then insider players become inevitable; basically, attacks become greater than the ability of outside players to achieve.
The Russia angle, just a PR=B$ move to desperately try to untangle M
Re: (Score:2)
Security, hard. (Score:3)
Something to think about. If all the big names can't secure things, what chance does the common person have?
Re: (Score:2)
The common person doesn't have a VP of Technology with their lips firmly attached to the azz of Microsoft. There are far more secure options than Microsoft for every known MS product or service. Millions of common people use non-Microsoft products and services every day without problems, but the "big names" can't be bothered to use those products and services because of upper management resistance.
Re: (Score:1)
Re: Security, hard. (Score:2)
Ass pocket.
Re: (Score:2)
Second tier target (Score:2)
So what? That just means that the hackers broke into a primary site, then used credentials stolen from THAT site to break into the next site.
It's still a consequence of the SolarWinds break-in; just a target that took two steps to get to instead of one.
paywalled (Score:2)
Well, both links are paywalled and I cannot read them, but this being Slashdot, who cares. No one reads them anyway.
So, all I have to say is "Windows is bad, Mkay?"
Re: (Score:2)
jmccue complained:
Well, both links are paywalled and I cannot read them, but this being Slashdot, who cares. No one reads them anyway.
Not paywalled at all for me.
Just enable cookies for Bloomberg domains. Forbidding 3rd party cookies everywhere else will deny them most of your data - and how concerned do you need to be about being tracked across Bloomberg's own domains, after all ... ?
WSJ archive link (Score:3)
https://archive.is/LrBbl [archive.is]
This article is worth reading. I like the WSJ for a generally neutral perspective, with a few slip-ups here and there.
100% window (Score:2)
We are back to 2003 and 2011 again.
Re: (Score:2)
It's 100% Microsoft. Mostly Microsoft cloud-based software.
Not 100% Windows. There are some solid Windows-based apps. The most common way to hack the Windows OS is through email. Think about that for a minute. What should be among the simplest of applications is the source of countless security misery.
white flag (Score:1)
I think it should be considered (Score:2)
A sophisticated state actor who managed to avoid detection? Definitely NSA, a similar organization, or a rogue group within them.
Re: (Score:1)
Re: (Score:2)
You're looking at it the wrong way. The NSA's specialty is recording everything. Whatever happens online they have a record. If they aren't talking it can easily mean they don't want to interfere with whatever machinations are going on. You won't see them pipe up when anyone blames the Russians.
And if it's these guys [globes.co.il] nobody will say anything.
Re: (Score:2)
Re: (Score:2)
Snowden's leaks were NSA documents, so only the ignorant would call them clean. My argument stands though: whenever there is a claim about a large hack, check what the NSA says. They are the specialists in figuring out what happened. Usually they just keep quiet or they will put moderate confidence on others' claims, which means "it's possible, no comment".
Looking back on it I do believe the NSA is a lot cleaner in general than the CIA. Maybe I should reevaluate that.
Re: (Score:2)
Re: (Score:2)
Questions remain (Score:2)
https://web.archive.org/web/20... [archive.org]
Russia cultivated the con artist for 40 years (Score:1)
According to an upcoming book [theguardian.com] by Craig Unger, the con artist was cultivated as a Russian asset for nearly 40 years. A former Russian spy helped with the book, describing how after the con artist married his first Eastern European wife, he became the target of a spying operation overseen by Czechoslovakia’s intelligence service in cooperation with the KGB.
In 1987, when the con artist made his first visit to Moscow and St. Petersburg, he was fed KGB talking points and flattered by KGB operatives who flo
Available Now (Score:1)
Re: (Score:2)
Re: (Score:2)
I agree with "Craig Unger, the con artist ".
..another intrusion vector.. (Score:1)
It is very understandable, but another intrusion vector is exactly what it is.
Could be accounts with weak passwords and no MFA.
MS has monitoring in place for this kind of thing.
Do your admin job. I read "Security First" in this thread in relation to AWS. Yes that! We need more of that now.