Russian Cyberspies Targeting Cloud Infrastructure via Dormant Accounts

US government and allies expose TTPs used by notorious Russian hacking teams and warn of the targeting of dormant cloud accounts.
The post Russian Cyberspies Targeting Cloud Infrastructure via Dormant Accounts appeared first on SecurityWeek.

Latest Russian espionage activity is broader than SolarWinds-style hacking effort, Microsoft’s Tom Burt says

An apparent espionage campaign from the same Russian hacking group that breached the U.S. federal contractor SolarWinds in 2020 differed from that incident — which sparked congressional hearings and a reckoning throughout the U.S. federal government — in significant ways, according to Tom Burt, Microsoft’s corporate vice president for customer security and trust. The latest effort unveiled Sunday by Microsoft represents an example of how the group, which the company calls Nobelium and says is connected to the Kremlin’s SVR intelligence agency, targeted whole classes of companies, such as technology resellers and cloud service providers. The company said the intruders compromised 14 of the 140 service providers that were targeted, though investigators appear to have caught the effort relatively early, with Microsoft alerting government officials and publishing an advisory on the matter some five months after the activity appeared to begin. Attackers breached SolarWinds in January 2019, nearly two years […]

The post Latest Russian espionage activity is broader than SolarWinds-style hacking effort, Microsoft’s Tom Burt says appeared first on CyberScoop.

Russian spies compromised 14 tech providers, aiming to ‘piggyback’ on customer access, Microsoft says

Suspected Russian spies who exploited a federal contractor to breach nine U.S. government agencies last year have continued targeting technology supply chains, aiming to compromise 140 technology service providers in recent months, according to Microsoft. The Russian nation-state hacking group Nobelium — also known as Cozy Bear — has since May 2021 sought to infiltrate technology resellers, cloud software companies and managed services providers in an attempt to “piggyback” on those firms’ access to other customers, Tom Burt, corporate vice president of customer security and trust, said in an Oct. 24 advisory. The group’s goal, Burt suggested, is to more effectively impersonate an organization in order to breach its clients and partners, a similar tactic that the spies used when they breached U.S. agencies in 2020 by masquerading as SolarWinds. “We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have […]

The post Russian spies compromised 14 tech providers, aiming to ‘piggyback’ on customer access, Microsoft says appeared first on CyberScoop.

SolarWinds hackers targeted Autodesk in latest confirmed fallout from cyber-espionage campaign

The list of victims keeps growing for the suspected Russian hackers who breached a U.S. federal contractor in order to gather intelligence from throughout the federal government. Autodesk, an American software and security company, said in a recent filing to the U.S. Securities and Exchange Commission that hackers had targeted the firm with the Sunburst malicious software. Cozy Bear, a state-sponsored Russian hacking group, relied on Sunburst to carry out an attack against SolarWinds, an IT firm that spies used as a foothold into targets throughout the government and private sector. In a 10-Q filing to the SEC, Autodesk said it discovered that one of its servers had been compromised, and that it had taken steps to remediate the fallout. The California-based firm makes design software and 3D technology tools for American customers in the architecture, engineering and education sectors. It is only the latest publicly listed company to confirm […]

The post SolarWinds hackers targeted Autodesk in latest confirmed fallout from cyber-espionage campaign appeared first on CyberScoop.

Evidence suggests Russia’s SVR is still using ‘WellMess’ malware, despite US warnings

President Joe Biden urging Vladimir Putin to crack down on cyberattacks coming from within Russian borders doesn’t seem to have convinced the Kremlin to give it up just yet. RiskIQ said in a report Friday that it uncovered active hacking infrastructure that Western governments attributed last summer to the Russian SVR intelligence agency-linked APT29 or Cozy Bear, which it used at the time to try to steal Covid-19 research. Known as WellMess or WellMail, the malware warranted government alerts in July of 2020 from the U.S., U.K. and Canada. In April, the FBI urged organizations to patch five known vulnerabilities that U.S. officials said were the subject of exploitation by the SVR. RiskIQ identified three dozen command and control servers serving WellMess that the company said were under APT29 control. It focused on the infrastructure after a U.S.-Russia summit where cyberattacks came up. “The activity uncovered was notable given the […]

The post Evidence suggests Russia’s SVR is still using ‘WellMess’ malware, despite US warnings appeared first on CyberScoop.

Smashing Security podcast #234: Cozy Bear, dildo scams, and robo hires and fires

Microsoft warns about a hacking gang that is far from cuddly, algorithms rather than managers are firing people, and our guest receives a surprising email from “Amazon”…

And you will NOT want to miss checking out a very special “Pick of the week”!…

SolarWinds hackers had access to Denmark’s central bank for 7 months, report says

A group of Russian hackers is accused of compromising a Danish bank in the latest example of fallout involving cyber-espionage emanating from Moscow, according to a European media outlet that cites documents related to the incident. Denmark’s central bank, or Danmarks Nationalbank, was compromised by the same spies who used software made by the U.S. federal contractor SolarWinds to breach nine U.S. government agencies and dozens of companies, Version 2, a Danish news site, reported Tuesday. By leveraging the SolarWinds technology, hackers infiltrated the company’s partners and clients, spending at least seven months inside the networks of the Danish financial institution, the site reported based on internal emails sent to the bank from outside investigators. Investigators have suggested that the Russian hacking group known as Cozy Bear — thought to be associated with the SVR intelligence agency — corrupted a software update in the SolarWinds Orion product, using the seemingly […]

The post SolarWinds hackers had access to Denmark’s central bank for 7 months, report says appeared first on CyberScoop.

Russian hackers breached Microsoft customer support to try phishing targets in 36 countries

State-sponsored Russian hackers compromised a Microsoft customer support representative’s account, leveraging that access to try to hack other customers, the company said. The cyber-espionage group that Microsoft calls Nobelium — also known as APT 29 and Cozy Bear — obtained “basic account information” about a limited number of customers as part of the effort. The same group is the primary suspect in the data breach at federal contractor SolarWinds, a hack in which spies also breached nine U.S. federal agencies and scores of technology companies. “This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised — we are aware of three compromised entities to date,” said the Microsoft blog post. “All customers that were compromised or targeted are being contacted through our state-notification process.” The apparent Russian hackers used information-stealing malware to infect a customer support machine, then used data found on that device to […]

The post Russian hackers breached Microsoft customer support to try phishing targets in 36 countries appeared first on CyberScoop.

Ex-US ambassador, anti-corruption activists in Ukraine were targets of suspected Russian phishing

An ex-U.S. ambassador to Russia, anti-corruption activists in Ukraine and election observers in other parts of Eastern Europe were among the apparent targets of a suspected Russian state-sponsored hacking effort, according to data linked to the spying operation that a researcher shared with CyberScoop. The list offers classic examples of organizations that Russian spies might want to infiltrate, including those working to expose graft, combat disinformation and promote secure elections. It also points to the persistent threats that small nonprofits face from well-resourced hackers, as well as the long-running alleged Russian efforts to undermine democratic institutions. Microsoft on May 27 said hackers had used a breached account belonging to the U.S. Agency for International Development, a U.S. government agency, to send phishing emails to some 3,000 email accounts at 150 organizations in 24 countries (U.S. officials estimated an even broader set of targets: 7,000 accounts and 350 organizations). Microsoft blamed […]

The post Ex-US ambassador, anti-corruption activists in Ukraine were targets of suspected Russian phishing appeared first on CyberScoop.