SolarWinds Hackers Using New Post-Exploitation Backdoor ‘MagicWeb’

By Deeba Ahmed
Microsoft has warned that the new post-compromise backdoor MagicWeb lets hackers “authenticate as anyone.”
This is a post from HackRead.com.

SolarWinds hackers kept busy in the year since the seminal hack, Mandiant finds

Hackers associated with the SolarWinds supply chain compromise have been busy in the year since that attack was revealed, compromising multiple cloud solution companies with the goal of stealing data relevant to Russian interests and finding routes to additional victims, new research reveals. Findings published Monday by a team of analysts at Mandiant collate previous observations and analysis — along with the efforts of “hundreds of consultants, analysts and reverse engineers” — to paint a picture of potentially distinct groups working alongside or within a more established Russian intelligence hacking group known as Nobelium, a name given to the group by Microsoft. The group is also known as Cozy Bear. The U.S. government formally blamed the Russian government for the hack on SolarWinds, a federal contractor that, when breached as far back as January 2019, provided a path to compromising nine government agencies — including the departments of Treasury, Homeland […]

The post SolarWinds hackers kept busy in the year since the seminal hack, Mandiant finds appeared first on CyberScoop.

SolarWinds hackers, Nobelium, hit cloud providers and resellers

By Waqas
So far, Microsoft has informed 140 companies about the new attack campaign being carried out by Nobelium, 14 of which were compromised by the group.
This is a post from HackRead.com.

Latest Russian espionage activity is broader than SolarWinds-style hacking effort, Microsoft’s Tom Burt says

An apparent espionage campaign from the same Russian hacking group that breached the U.S. federal contractor SolarWinds in 2020 differed from that incident — which sparked congressional hearings and a reckoning throughout the U.S. federal government — in significant ways, according to Tom Burt, Microsoft’s corporate vice president for customer security and trust. The latest effort unveiled Sunday by Microsoft represents an example of how the group, which the company calls Nobelium and says is connected to the Kremlin’s SVR intelligence agency, targeted whole classes of companies, such as technology resellers and cloud service providers. The company said the intruders compromised 14 of the 140 service providers that were targeted, though investigators appear to have caught the effort relatively early, with Microsoft alerting government officials and publishing an advisory on the matter some five months after the activity appeared to begin. Attackers breached SolarWinds in January 2019, nearly two years […]

The post Latest Russian espionage activity is broader than SolarWinds-style hacking effort, Microsoft’s Tom Burt says appeared first on CyberScoop.

Russian spies compromised 14 tech providers, aiming to ‘piggyback’ on customer access, Microsoft says

Suspected Russian spies who exploited a federal contractor to breach nine U.S. government agencies last year have continued targeting technology supply chains, aiming to compromise 140 technology service providers in recent months, according to Microsoft. The Russian nation-state hacking group Nobelium — also known as Cozy Bear — has since May 2021 sought to infiltrate technology resellers, cloud software companies and managed services providers in an attempt to “piggyback” on those firms’ access to other customers, Tom Burt, corporate vice president of customer security and trust, said in an Oct. 24 advisory. The group’s goal, Burt suggested, is to more effectively impersonate an organization in order to breach its clients and partners, a similar tactic that the spies used when they breached U.S. agencies in 2020 by masquerading as SolarWinds. “We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have […]

The post Russian spies compromised 14 tech providers, aiming to ‘piggyback’ on customer access, Microsoft says appeared first on CyberScoop.

Microsoft warns of Nobelium hackers using FoggyWeb backdoor

By Waqas
Microsoft warns of the FoggyWeb backdoor used by Nobelium, the same hacking group behind SolarWinds supply-chain attacks.
This is a post from HackRead.com.

Smashing Security podcast #234: Cozy Bear, dildo scams, and robo hires and fires

Microsoft warns about a hacking gang that is far from cuddly, algorithms rather than managers are firing people, and our guest receives a surprising email from “Amazon”…

And you will NOT want to miss checking out a very special “Pick of the week”!

Russian SolarWinds hackers launch email attack on government agencies

Nobelium launched the attacks after getting access to an email marketing service used by the United States Agency for International Development, or USAID, according to Microsoft. Guardian staff and agencies report: The state-backed Russian cyber spies …