US cybersecurity agency alleges Russian hacking campaign
A cyberattack, which was first identified when US government agencies were targeted, has also been aimed at cyber targets worldwide, raising fears about global computer security.
Microsoft has already announced that it’s notified more than 40 large customers hit by the malware which allegedly originated from hackers linked to the Russian government. The malware has been allowing attackers unfettered access to a range of government and private networks.
As of yesterday, 80% of the attacks were in the US although Microsoft has already identified attacks in 7 other countries, including Canada, Mexico, Belgium, Spain, Britain, Israel and the UAE. But the list continues to grow. The White House has made no comment about the current situation.
Brad Smith, Microsoft’s chief legal counsel, said the company had uncovered 40 customers, including government agencies, thinktanks, NGOs and IT companies, who were “targeted more precisely and compromised” after the hackers had gained initial access earlier this year.
“It’s certain that the number and location of victims will keep growing. This is not espionage as usual, even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the US and the world.”
The attack appears to have started when an updated version of a popular IT network management tool named ‘Orion’, made by SolarWinds, was compromised from March this year. Around 18,000 customers installed the compromised update, many of whom were working for US government agencies.
Hackers reportedly installed malware on software used by the US Treasury Department and the Commerce Department, allowing them to view internal email traffic.
Of these, at least 40 were then selected by the attackers for further exploitation, including the US Treasury and Department of Commerce, where emails are thought to have been read, and the National Telecommunications and Information Administration.
Microsoft announced that it had been able to trace some of the impact of the SolarWinds attack because it had been brought in by clients to assist using its in-house antivirus software. Microsoft has admitted it had fallen victim to the attack, although it found “no evidence of access to production services or customer data”.
The US National Security Agency has called for increased vigilance to prevent unauthorised access to key military and civilian networks.
A statement from the NSA said: “The recent SolarWinds Orion code compromise is one serious example of how on-premises systems can be compromised, leading to abuse of federated authentication and malicious cloud access.”
Analysts have said the attacks pose threats to national security by infiltrating key government systems, while also creating risks for key infrastructure controls for systems such as electric power grids and other utilities.
The Department of Homeland Security’s cyber security admits that the full scope of the attack “is not yet known”, with most local government and private sector systems “at grave risk.”
Although federal authorities have so far traced the attack’s launch back to March, it remains unclear just how long alleged operatives could have been tinkering inside some of the US government’s most critical agencies, including the departments of State, Homeland Security, Treasury and Commerce.
The US Cybersecurity and Infrastructure Security Agency says it hasn’t identified who was behind the malware attack, but private security companies pointed a finger at hackers linked to the Russian government.
US Secretary of State Mike Pompeo also suggested on Monday that Moscow was involved, saying the Russian government had made repeated attempts to breach US government networks.
Meanwhile President-elect Joe Biden said he had “great concern” over the computer breach while Utah Senator Mitt Romney slammed what he called “inexcusable silence” from the White House.
Shares of Microsoft were down 0.36% at $218.63 in trading yesterday. Shares of SolarWinds were down 0.45% at $17.52.
Microsoft has also released a statement.
SOURCES: The Guardian | The Verge | Microsoft