1. #1081
    IT Manager 10,000+ Posts bsm2's Avatar
    Join Date
    Feb 2008
    Location
    Biden 2024
    Posts
    26,011
    Rep Power
    336

    Re: How Russia hacked the Democrats email

    Russian intelligence agency hacked into the Department of Homeland Security in addition to the Treasury, Commerce and Defense Departments. U.S. officials were unaware of the breach, which took place in the spring, until last week.

  2. #1082
    Service Manager 5,000+ Posts
    How Russia hacked the Democrats email

    SalesServiceGuy's Avatar
    Join Date
    Dec 2009
    Location
    Nova Scotia
    Posts
    7,731
    Rep Power
    225

    Re: How Russia hacked the Democrats email

    Quote Originally Posted by bsm2 View Post
    Russian intelligence agency hacked into the Department of Homeland Security in addition to the Treasury, Commerce and Defense Departments. U.S. officials were unaware of the breach, which took place in the spring, until last week.
    FireEye, a prominent cybersecurity company that was breached in connection with the incident, said in a blog post that other targets included “government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East.”

    “If it is cyber espionage, then it is one of the most effective cyber espionage campaigns we’ve seen in quite some time,” said John Hultquist, FireEye’s director of intelligence analysis.

    The cybersecurity unit at Dept of Homeland Security, known as CISA, has been upended by President Donald Trump’s firing of head Chris Krebs after Krebs called the presidential election the most secure in American history. His deputy and the elections chief have also left.

    ... there are going to be consequences to this. I expect US Cyber Command will give Russia a hard knock sometime soon. Of course, we will never hear about it unless the US wants it to be made public.



  3. #1083
    IT Manager 10,000+ Posts bsm2's Avatar
    Join Date
    Feb 2008
    Location
    Biden 2024
    Posts
    26,011
    Rep Power
    336

    Re: How Russia hacked the Democrats email

    Quote Originally Posted by SalesServiceGuy View Post
    FireEye, a prominent cybersecurity company that was breached in connection with the incident, said in a blog post that other targets included “government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East.”

    “If it is cyber espionage, then it is one of the most effective cyber espionage campaigns we’ve seen in quite some time,” said John Hultquist, FireEye’s director of intelligence analysis.

    The cybersecurity unit at Dept of Homeland Security, known as CISA, has been upended by President Donald Trump’s firing of head Chris Krebs after Krebs called the presidential election the most secure in American history. His deputy and the elections chief have also left.

    ... there are going to be consequences to this. I expect US Cyber Command will give Russia a hard knock sometime soon. Of course, we will never hear about it unless the US wants it to be made public.


    Look for President Biden and NATO Allies to impose severe sanctions on Russia and send a clear message to Putin. Don't F with us again.

  4. #1084
    Service Manager 5,000+ Posts
    How Russia hacked the Democrats email

    SalesServiceGuy's Avatar
    Join Date
    Dec 2009
    Location
    Nova Scotia
    Posts
    7,731
    Rep Power
    225

    Re: How Russia hacked the Democrats email

    Massive suspected Russian hack is 21st century warfare


    Avlon: Massive suspected Russian hack is 21st century warfare - CNN Video

    CNN's John Avlon breaks down the recent data breach of multiple federal agencies by what US officials suspect are Russian-linked hackers and how President Trump has responded to Russian breaches in the past.

    A defense official told CNN that an assessment is still underway to determine what impact there has been, if any, on Department of Defense networks. Acting Defense Secretary Christopher Miller was expected to receive a briefing on the attacks Monday, an official added.

    If any defense networks were compromised, US Cyber Command "is postured for swift action," a spokesperson said, adding that they "are in close coordination with our interagency, coalition, industry, and academic partners to assess and mitigate this issue."

    As part of its response, the government put into effect Presidential Policy Directive 41, an Obama-era plan for executing a Federal Government response to any cyber incident, whether involving government or private sector entities. For significant cyber incidents, the directive also establishes a plan for coordinating a response between the agencies and it requires the Departments of Justice and Homeland Security to assist entities affected by cyber incidents.

    While US officials believe that a Russia-linked entity or Russian individuals are responsible for the attacks, they have not yet finalized their designation on which actors are responsible, a senior administration official said.


  5. #1085
    Service Manager 5,000+ Posts
    How Russia hacked the Democrats email

    SalesServiceGuy's Avatar
    Join Date
    Dec 2009
    Location
    Nova Scotia
    Posts
    7,731
    Rep Power
    225

    Re: How Russia hacked the Democrats email

    Microsoft and industry partners seize key domain used in SolarWinds hack

    By seizing the domain, Microsoft and its partners hope to identify all victims, but are also preventing attackers from escalating intrusions in currently infected networks.

    Microsoft and industry partners seize key domain used in SolarWinds hack | ZDNet

    Microsoft and a coalition of tech companies have intervened today to seize and sinkhole a domain that played a central role in the SolarWinds hack, ZDNet has learned from sources familiar with the matter.

    Earlier today, a coalition of tech companies seized and sinkholed avsvmcloud[.]com, transferring the domain into Microsoft's possession.

    Sources familiar with today's actions described the takedown as "protective work" done to prevent the threat actor behind the SolarWinds hack from delivering new orders to infected computers.

    Even if the SolarWinds hack became public on Sunday, the SUNBURST operators still had the ability to deploy additional malware payloads on the networks of companies that failed to update their Orion apps and still have the SUNBURST malware installed on their networks.

    In SEC documents filed on Monday, SolarWinds estimated that at least 18,000 customers installed the trojanized Orion app update and most likely have the first-stage SUNBURST malware on their internal networks.

    However, the hackers do not appear to have taken advantage of all these systems and only carried out a handful of carefully-orchestrated intrusions into the networks of high-profile targets.

    This was confirmed in a report on Monday from US security firm Symantec, which said that it discovered the SUNBURST malware on the internal networks of 100 of its customers, but it did not see any evidence of second-stage payloads or network escalation activity.

    Similarly, Reuters also reported on Monday, confirmed with independent sources by ZDNet, that many companies that installed the trojanized Orion app update did not discover evidence of additional activity and escalation on internal networks, confirming that hackers only went after high-profile targets.

    Since Sunday, when the SolarWinds hack came to light, the number of confirmed victims has grown to include:


    • US cybersecurity firm FireEye
    • The US Treasury Department
    • The US Department of Commerce's National Telecommunications and Information Administration (NTIA)
    • The Department of Health's National Institutes of Health (NIH)
    • The Cybersecurity and Infrastructure Agency (CISA)
    • The Department of Homeland Security (DHS)
    • The US Department of State


    Currently, the avsvmcloud[.]com domain redirects to an IP address owned by Microsoft, with Microsoft and its partners receiving beacons from all the systems where the trojanized SolarWinds app has been installed.

    This technique, known as sinkholing, is allowing Microsoft and its partners to build a list of all infected victims, which the organizations plan to use to notify all affected companies and government agencies.

    "This is not the first time a domain associated with malware has been seized by international law enforcement and even by a provider," ExtraHop CTO Jesse Rothstein told ZDNet in an email, referring to Microsoft's previous takedown and sinkholing efforts against the Necurs and TrickBot botnets.

    Current takedown and sinkholing efforts also include representatives for the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, looking to find other US government agencies that might have been compromised.

    Due to SolarWinds' extensive US government clientele, government officials are treating the SolarWinds compromise as a national security emergency. A day before the SolarWinds breach became public, the White House held a rare meeting of the US National Security Council to discuss the hack and its repercussions.

    Indicators of compromise and instructions on how to discover and deal with a SUNBURST malware infection are available from Microsoft, FireEye, and CISA.
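
A defender-side counterpart to the sinkholing described in the article quoted above, as an added example that is not part of the original post or the article: it scans a resolver query log for lookups under the sinkholed domain to list which internal clients are beaconing. The log format, IP addresses, subdomain labels and function names are constructed for illustration.

```python
# Domain named in the article, kept defanged as on the page and refanged at runtime.
SINKHOLED_DEFANGED = "avsvmcloud[.]com"

# Constructed sample log (assumed format): "<ISO timestamp> <client IP> <query name> <type>"
SAMPLE_LOG = """\
2020-12-14T09:01:12Z 10.0.4.17 updates.example.org. A
2020-12-14T09:03:40Z 10.0.4.22 label-one.avsvmcloud.com. A
2020-12-14T09:05:02Z 10.0.4.31 notavsvmcloud.com. A
2020-12-14T09:07:55Z 10.0.4.22 Label-Two.AVSVMCLOUD.com. CNAME
2020-12-14T09:09:10Z 10.0.4.40 avsvmcloud.com.example.net. A
2020-12-14T09:11:30Z 10.0.9.5 avsvmcloud.com A
malformed line
"""

def refang(defanged):
    """Turn a defanged indicator such as 'name[.]tld' into a matchable domain."""
    return defanged.replace("[.]", ".").lower().rstrip(".")

def is_under(qname, domain):
    """True if qname is the domain itself or a subdomain of it.

    Matching on a label boundary avoids false hits on look-alikes such as
    'not<domain>' or '<domain>.example.net'. DNS names are case-insensitive.
    """
    name = qname.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def find_beaconing_hosts(log_text, defanged=SINKHOLED_DEFANGED):
    """Return {client_ip: {count, first, last}} for queries under the domain."""
    domain = refang(defanged)
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:          # skip malformed or truncated records
            continue
        ts, client, qname, _qtype = fields
        if not is_under(qname, domain):
            continue
        rec = hits.setdefault(client, {"count": 0, "first": ts, "last": ts})
        rec["count"] += 1
        # ISO-8601 UTC timestamps of equal width sort correctly as strings.
        rec["first"] = min(rec["first"], ts)
        rec["last"] = max(rec["last"], ts)
    return hits

if __name__ == "__main__":
    for client, rec in sorted(find_beaconing_hosts(SAMPLE_LOG).items()):
        print(client, rec["count"], rec["first"], rec["last"])
```

A hit means only that the host attempted the lookup; the article itself notes that most organizations with the first-stage malware saw no second-stage activity.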

  6. #1086
    Service Manager 5,000+ Posts
    How Russia hacked the Democrats email

    SalesServiceGuy's Avatar
    Join Date
    Dec 2009
    Location
    Nova Scotia
    Posts
    7,731
    Rep Power
    225

    Re: How Russia hacked the Democrats email

    An interesting discussion by ex-CIA officer Malcolm Nance on the recent cyber attacks on the USA.

    Malcolm Nance: We're letting them eat our lunch. - YouTube

  7. #1087
    IT Manager 10,000+ Posts bsm2's Avatar
    Join Date
    Feb 2008
    Location
    Biden 2024
    Posts
    26,011
    Rep Power
    336

    Re: How Russia hacked the Democrats email

    Guess Who's Back
    Russia Russia Russia
    JOINT STATEMENT BY THE FEDERAL BUREAU OF INVESTIGATION (FBI), THE CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY (CISA), AND THE OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE (ODNI)

    Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI)

  8. #1088
    Service Manager 5,000+ Posts
    How Russia hacked the Democrats email

    SalesServiceGuy's Avatar
    Join Date
    Dec 2009
    Location
    Nova Scotia
    Posts
    7,731
    Rep Power
    225

    Re: How Russia hacked the Democrats email

    Quote Originally Posted by bsm2 View Post
    Guess Who's Back
    Russia Russia Russia
    JOINT STATEMENT BY THE FEDERAL BUREAU OF INVESTIGATION (FBI), THE CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY (CISA), AND THE OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE (ODNI)

    Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI)
    The Russians have not been directly connected with this attack yet. It will take a while for cyber forensics to conclusively identify the attackers but all indications are that this was a Russian attack on US gov't infrastructure. In the world of Cyber warfare it is possible to shift the blame from the originator of the attack to an innocent 3rd party.

    The thought is that Trump has historically been soft to respond to any kind of Russian aggression so in the last days of his Administration now is the best time to attack.

  9. #1089
    Service Manager 10,000+ Posts
    How Russia hacked the Democrats email

    BillyCarpenter's Avatar
    Join Date
    Aug 2020
    Location
    Long Beach, Mississippi
    Posts
    13,454
    Rep Power
    449

    Re: How Russia hacked the Democrats email

    The LIE is that Trump has been soft on Russia. The TRUTH is that Obama was soft on Russia....and ISIS, China, Mexico...you name it. Obama is a pussy.

    PS - Lest we forget about Iran. Obama was a big, smelly pussy on them. Stunk to high heaven.

  10. #1090
    Aging Tech 10,000+ Posts
    How Russia hacked the Democrats email

    copier addict's Avatar
    Join Date
    Jul 2013
    Location
    Diamond
    Posts
    12,004
    Rep Power
    325

    Re: How Russia hacked the Democrats email

    Quote Originally Posted by BillyCarpenter View Post
    The LIE is that Trump has been soft on Russia. The TRUTH is that Obama was soft on Russia....and ISIS, China, Mexico...you name it. Obama is a pussy.

    PS - Lest we forget about Iran. Obama was a big, smelly pussy on them. Stunk to high heaven.

    Trump practically swooned every time he saw Putin. He admires Putin and wanted to be him.
