Home>Blog>The Hacker News Headlines>US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack
The Hacker News Headlines

US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack

The U.S. and U.K. on Thursday formally attributed the supply
chain attack of IT infrastructure management company SolarWinds
with “high confidence” to government operatives working for
Russia’s Foreign Intelligence Service (SVR).

“Russia’s pattern of malign behaviour around the world – whether
in cyberspace, in election interference or in the aggressive
operations of their intelligence services – demonstrates that
Russia remains the most acute threat to the U.K.’s national and
collective security,” the U.K. government said[1]
in a statement.

password auditor

To that effect, the U.S. Department of the Treasury has imposed
sweeping sanctions against Russia for “undermining the conduct of
free and fair elections and democratic institutions” in the U.S.
and for its role in facilitating the sprawling SolarWinds hack,
while also barring six technology companies in the country that
provide support to the cyber program run by Russian Intelligence
Services.

The companies include ERA Technopolis, Pasit, Federal State
Autonomous Scientific Establishment Scientific Research Institute
Specialized Security Computing Devices and Automation (SVA),
Neobit, Advanced System Technology, and Pozitiv Teknolodzhiz
(Positive Technologies), the last three of which are IT security
firms whose customers include the Russian intelligence
agencies.

In addition, the Biden administration is also expelling ten members[2]
of Russia’s diplomatic mission in Washington, D.C., including
representatives of its intelligence services.

“The scope and scale of this compromise combined with Russia’s
history of carrying out reckless and disruptive cyber operations
makes it a national security concern,” the Treasury Department
said[3]. “The SVR has put at
risk the global technology supply chain by allowing malware to be
installed on the machines of tens of thousands of SolarWinds’
customers.”

For its part, Moscow had previously denied involvement[4]
in the broad-scope SolarWinds campaign, stating “it does not
conduct offensive operations in the cyber domain.”

The intrusions[5]
came to light in December 2020 when FireEye and other cybersecurity
firms revealed that the operators behind the espionage campaign
managed to compromise the software build and code signing
infrastructure of SolarWinds Orion platform as early as October
2019 to deliver the Sunburst backdoor with the goal of gathering
sensitive information.

password auditor

Up to 18,000 SolarWinds customers are believed to have received
the trojanized Orion update, although the attackers carefully
selected their targets, opting to escalate the attacks only in a
handful of cases by deploying Teardrop malware based on an initial
reconnaissance of the target environment for high-value accounts
and assets.

The adversary’s compromise of the SolarWinds software supply
chain is said to have given it the ability to remotely spy or
potentially disrupt more than 16,000 computer systems worldwide,
according to the executive order[6]
issued by the U.S. government.

Besides infiltrating the networks of Microsoft[7], FireEye[8], Malwarebytes[9], and Mimecast[10], the attackers are also
said to have used SolarWinds as a stepping stone to breaching
several U.S. agencies such as the National Aeronautics and Space
Administration (NSA), the Federal Aviation Administration (FAA),
and the Departments of State, Justice, Commerce, Homeland Security,
Energy, Treasury, and the National Institutes of Health.

The SVR actor is also known by other names such as APT29, Cozy
Bear, and The Dukes, with the threat group being tracked under
different monikers, including UNC2452 (FireEye), SolarStorm (Palo
Alto Unit 42), StellarParticle (CrowdStrike), Dark Halo (Volexity),
and Nobelium (Microsoft).

Furthermore, the National Security Agency (NSA), the
Cybersecurity and Infrastructure Security Agency (CISA), and the
Federal Bureau of Investigation (FBI) have jointly released an
advisory[11], warning businesses of
active exploitation of five publicly known vulnerabilities by APT29
to gain initial footholds into victim devices and networks —

“We see what Russia is doing to undermine our democracies,” said
U.K. Foreign Secretary Dominic Raab. “The U.K. and U.S. are calling
out Russia’s malicious behaviour, to enable our international
partners and businesses at home to better defend and prepare
themselves against this kind of action.”

References

  1. ^
    said
    (www.gov.uk)
  2. ^
    expelling ten members
    (home.treasury.gov)
  3. ^
    said
    (home.treasury.gov)
  4. ^
    denied
    involvement     (thehackernews.com)
  5. ^
    intrusions
    (thehackernews.com)
  6. ^
    executive order
    (www.whitehouse.gov)
  7. ^
    Microsoft
    (thehackernews.com)
  8. ^
    FireEye
    (thehackernews.com)
  9. ^
    Malwarebytes
    (thehackernews.com)
  10. ^
    Mimecast
    (thehackernews.com)
  11. ^
    advisory
    (www.nsa.gov)

Read more

Leave a Reply

Powered By Anakyst UK Work done easy Discover Great Places People Websites in Nigeria. Be Discovered and Discover Great Places People Products & Websites in Nigeria. Tell us what you need to advertise online onradio ontv and where you want to advertise and discover talented publishers and advertisers within minutes for just a fraction of the cost!JobScout | Developed By Rara Theme. Powered by WordPress.