Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery

It looks like the Russian government-linked hacking group Cozy Bear is back in the election trickery business. The security firm Volexity publicized a spearphishing campaign on Thursday that it identified only days ago, a scheme that uses an election fraud document as a lure. The emails purport to be from the United States Agency for International Development, with targets including government agencies, research institutions and nongovernmental organizations in the U.S. and Europe. Volexity said it had concluded, with moderate confidence, that Cozy Bear — the group also known as APT29 or the Dukes — was behind the emails. If true, it would be a return to an old favorite subject for Cozy Bear, which the U.S. government and others implicated in the 2016 hacks of the Democratic National Committee and Hillary Clinton’s presidential campaign, among other election interference efforts. More recently, Cozy Bear has garnered attention from the Biden […]

The post Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery appeared first on CyberScoop.

U.S. Takes Aim at Russia’s Cyber Ops Ecosystem

The Biden administration is taking the Russian cyber operations ecosystem to task with sanctions pointed at both established Russian companies as well as Russian-controlled entities created by the FSB, GRU and SVR for operational purposes. Coupled wit…

U.S. Fingers Putin’s Cozy Bear for SolarWinds Attacks

To the surprise of precisely nobody, the NSA, FBI and CISA agreed that last year’s SolarWinds supply-chain attack was orchestrated by the Russian state.
The post U.S. Fingers Putin’s Cozy Bear for SolarWinds Attacks appeared first on Security Boulevar…

U.S. government accuses Russian companies of recruiting spies, hacking for Moscow

The Biden Administration took a sideswipe at the Russian government’s network of companies it allegedly relies on to conduct intelligence and military hacking Thursday — part of a broader effort to beat back Russian government hacking and information operations targeting Americans, the U.S. private sector and the federal government. In one of the most striking actions the Biden administration took Thursday, the U.S. Treasury Department sanctioned Positive Technologies, a cybersecurity firm headquartered in Moscow. According to the Treasury Department, Positive Technologies may appear to be a regular IT firm, but it actually supports Russian government clients, including the Federal Security Service. The firm also “hosts large-scale conventions that are used as recruiting events for the FSB and GRU,” the Treasury Department said, referring to the Federal Security Service (FSB) and Russia’s Main Intelligence Directorate (GRU). U.S. intelligence documents show that the company has gone even further at times and has […]

The post U.S. government accuses Russian companies of recruiting spies, hacking for Moscow appeared first on CyberScoop.

White House slaps sanctions on Russian cyber activities while blaming SVR for SolarWinds campaign

The Biden administration on Thursday imposed sweeping sanctions on Russian intelligence operatives for their alleged interference in the 2020 U.S. election, and on Russian companies for allegedly supporting Moscow’s extensive cyber-espionage operations. The Treasury Department sanctioned 32 organizations and individuals for their alleged influence operations aimed at the U.S. election. The White House said it was part of an effort to “disrupt the coordinated efforts of Russian officials, proxies, and intelligence agencies to delegitimize our electoral process.” As part of the crackdown, Treasury sanctioned six Russian tech firms for allegedly providing support to Russian intelligence services’ hacking operations by developing malicious software or setting up IT infrastructure. U.S. officials also made official what had long been rumored: They believe with “high confidence” that Russia’s foreign intelligence agency, the SVR, carried out the hacking campaign that has exploited software made by contractor SolarWinds and other vendors to infiltrate nine U.S. agencies […]

The post White House slaps sanctions on Russian cyber activities while blaming SVR for SolarWinds campaign appeared first on CyberScoop.

NSA, FBI, DHS expose Russian intelligence hacking tradecraft

The U.S. government warned the private sector Thursday that Russian government hackers working for Russia’s Foreign Intelligence Service (SVR) are actively exploiting five known vulnerabilities to target U.S. companies and the defense industrial base. The National Security Agency, the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) urged system administrators to patch immediately against the vulnerabilities the hackers, also known as APT29 or Cozy Bear, are exploiting. The SVR hackers are specifically and actively exploiting vulnerabilities in Fortinet FortiGate VPN, Synacor Zimbra Collaboration Suite, Pulse Secure Pulse Connect Secure VPN, Citrix Application Delivery Controller and Gateway, and VMware Workspace ONE Access to gain initial footholds into networks, the government said in its alert. The hackers have been using these initial footholds to collect victims’ authentication credentials to burrow further into networks. The announcement coincides with the U.S. intelligence community’s formal attribution of the supply chain hack […]

The post NSA, FBI, DHS expose Russian intelligence hacking tradecraft appeared first on CyberScoop.

VMware Flaw a Vector in SolarWinds Breach?

U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S. National Security Agency (NSA) warned on Dec. 7 was being used by Russian hackers to impersonate authorized users on victim networks.

Up to 18,000 SolarWinds customers installed poisoned update that could allow state-sponsored attack

The United States Department of Commerce, Treasury, State Department, National Institutes of Health, Homeland Security, and Pentagon have had their networks compromised in what appears to have been a massive supply-chain attack on American government s…

SUNBURST: Russia Fingered in ‘Perfect 10’ Supply Chain Attack

Russian spies have been operating inside countless enterprises and government agencies, thanks to a hack of SolarWinds.
The post SUNBURST: Russia Fingered in ‘Perfect 10’ Supply Chain Attack appeared first on Security Boulevard.