SEC hits four companies with fines for misleading disclosures around SolarWinds hack

Unisys, Avaya, Check Point and Mimecast will pay fines to settle charges that they downplayed in SEC filings the extent of the compromise.

The post SEC hits four companies with fines for misleading disclosures around SolarWinds hack appeared first on CyberScoop.

Agencies warn about Russian government hackers going after unpatched vulnerabilities

The SVR is conducting its targeting both specifically and broadly, the U.S. and U.K. cyber agencies said.

Federal government affected by Russian breach of Microsoft

U.S. cybersecurity officials issued an emergency directive this week to address a breach by Russian operatives of Microsoft first disclosed in January.

German political party targeted by SVR-linked group in spearphishing campaign, Mandiant says

The group may have been seeking insights on shifting European sentiments on Ukraine, threat analysts suggest.

Russian foreign intelligence hackers gain access to top Microsoft officials, company says

Microsoft said the SVR attack “was not the result of a vulnerability” in its products or services.

Latest Russian espionage activity is broader than SolarWinds-style hacking effort, Microsoft’s Tom Burt says

An apparent espionage campaign from the same Russian hacking group that breached the U.S. federal contractor SolarWinds in 2020 differed from that incident — which sparked congressional hearings and a reckoning throughout the U.S. federal government — in significant ways, according to Tom Burt, Microsoft’s corporate vice president for customer security and trust. The latest effort unveiled Sunday by Microsoft represents an example of how the group, which the company calls Nobelium and says is connected to the Kremlin’s SVR intelligence agency, targeted whole classes of companies, such as technology resellers and cloud service providers. The company said the intruders compromised 14 of the 140 service providers that were targeted, though investigators appear to have caught the effort relatively early, with Microsoft alerting government officials and publishing an advisory on the matter some five months after the activity appeared to begin. Attackers breached SolarWinds in January 2019, nearly two years […]

Evidence suggests Russia’s SVR is still using ‘WellMess’ malware, despite US warnings

President Joe Biden urging Vladimir Putin to crack down on cyberattacks coming from within Russian borders doesn’t seem to have convinced the Kremlin to give it up just yet. RiskIQ said in a report Friday that it uncovered active hacking infrastructure that Western governments attributed last summer to the Russian SVR intelligence agency-linked APT29 or Cozy Bear, which it used at the time to try to steal Covid-19 research. Known as WellMess or WellMail, the malware warranted government alerts in July of 2020 from the U.S., U.K. and Canada. In April, the FBI urged organizations to patch five known vulnerabilities that U.S. officials said were the subject of exploitation by the SVR. RiskIQ identified three dozen command and control servers serving WellMess that the company said were under APT29 control. It focused on the infrastructure after a U.S.-Russia summit where cyberattacks came up. “The activity uncovered was notable given the […]

SolarWinds hackers are behind a widespread phishing campaign impersonating USAID, Microsoft says

The same Russian spies who exploited SolarWinds software to infiltrate U.S. government agencies have in the last week launched a phishing campaign that aimed to hack some 150 organizations in 24 countries, Microsoft said Thursday. The suspected Russian hackers have posed as the U.S. Agency for International Development, a government agency that funds aid projects around the world, to target some 3,000 individual accounts in a blitz of phishing emails since May 25, Microsoft said in a blog post. The majority of the target organizations are in the U.S., and at least a quarter of them work in international development, humanitarian aid and human rights, Microsoft said. The hackers blasted out the nefarious messages by using a breached account that USAID uses to send marketing emails, according to Tom Burt, Microsoft’s corporate vice president for customer security and trust. A USAID spokesperson said that a forensic investigation into the breach […]

Russia’s SVR spy agency scanned for Microsoft Exchange Server bug, UK and US say

After pulling off a sweeping breach of U.S. government networks last year, Russia’s SVR foreign intelligence agency has been scanning the internet for a vulnerability in Microsoft software previously exploited by Chinese spies, British and American security agencies said Friday. It’s the third time in a month that U.S. security agencies have published information on hacking techniques allegedly used by the SVR, the Russian spy agency accused of exploiting software made by SolarWinds and other vendors to breach at least nine U.S. federal agencies. The discovery underscores how a bug in widely used technology can be valuable to spy agencies around the world, which bank on the possibility that some of the organizations they target fail to promptly update their software. The alert is part of a press from the U.S. and its allies against the same hacking group that broke into the Democratic National Committee ahead of the 2016 […]

Before SolarWinds, US officials say SVR began stealthily targeting cloud services in 2018

U.S. national security agencies on Monday continued their concerted efforts to expose hacking techniques used by the Russian intelligence agency allegedly responsible for a historic cyber-espionage campaign aimed at the U.S. government. The latest public statement from the FBI and the Department of Homeland Security traces the evolution of Russia’s SVR foreign intelligence agency as a formidable cyber adversary capable of exploiting U.S. networks through a range of tools. A turning point, the advisory said, came in 2018 when the FBI saw the SVR begin to target email-based cloud computing resources in a likely effort to conceal the spies’ intelligence collection. The SVR allegedly employed that tactic in the hacking effort that exploited software made by SolarWinds and other vendors to breach nine U.S. government agencies. The bugging of trusted SolarWinds software updates was “a notable departure from the SVR’s historic tradecraft,” the FBI and DHS’s Cybersecurity and Infrastructure Security […]
