Sea Island, Georgia – Russia’s central intelligence agency has launched a new campaign to infiltrate thousands of US government, corporate and think-tank computer networks. It has carried out a number of complex espionage operations around the world.
In an interview, Tom Burt, Microsoft’s senior security officer, said the new initiative was “huge and ongoing.” Government officials said the operation, which appeared to aim to retrieve data stored in the cloud, came from the Russian intelligence agency SVR, which first penetrated the Democratic National Committee’s network during the 2016 election.
Microsoft claims a low success rate but does not provide enough information to accurately measure the severity of the theft.
Earlier in the year, the White House blamed the SVR for the so-called SolarWinds hack. This is a follow-up attempt to change the software used by the country’s largest government agencies and companies, giving Russia broad access to 18,000 users. Biden said the attack undermined confidence in the government’s core system and vowed revenge for election meddling and interference. But when he announced sanctions against Russian financial institutions and technology companies in April, he relaxed sanctions.
“President Putin knew he could go further, but he decided against it,” Biden said after calling Russia’s head of state. “Now is the time to end the escalation.”
US officials say the types of attacks reported by Microsoft fall under the category of espionage, which is regularly carried out by major powers against one another. However, its operations have varied as countries search for data on a Covid-19 vaccine and for industry and state secrets, even though the two governments say they meet regularly to tackle ransomware and other ills of the internet age.
John Hultquist, vice president of intelligence analysis at Mandiant, which first discovered the SolarWinds attack, spoke to the many cyber and intelligence experts gathered at the Cipher Brief conference held on Sea Island on Sunday. He said, “But what we’ve learned is that very good SVRs don’t slow down.”
It’s not clear how successful the last campaign was. Microsoft recently announced that it had notified more than 600 organizations that they had been the target of approximately 23,000 attempted breaches. For comparison: In the last three years, the company claims to have discovered just 20,500 targeted attacks by “people from all states”. Microsoft said several attempts had been successful recently, but there were no details on the number of organizations compromised.
US officials have confirmed that an operation they believe to be routine spying is underway. However, they claim that if it succeeds, cloud service providers like Microsoft will bear much of the responsibility.
Government officials described the recent attacks as “immature secular operations that could have been prevented if cloud service providers had implemented basic cybersecurity practices”.
“We can do a lot, but it is the responsibility of the private sector to put their cybersecurity practices in place, which is simple, to close our digital doors.”
Government officials are pushing for more data in the cloud because it is much easier to protect information in the cloud. (Amazon managed the CIA cloud deal. During the Trump administration, Microsoft won a major deal to move the Pentagon to the cloud, but the program was recently abandoned under the Biden administration after a long legal debate about how it was delivered.)
According to experts, the recent attacks by Russia have reminded us that moving to the cloud is not the solution. This is especially true if the people managing cloud operations use inadequate protection.
Microsoft said the attack focused on “merchants” who had adapted cloud usage for business and academia. Russian hackers seem to have calculated that if they were able to break into distributors, they would have high-level access to the data they needed, such as government email, defense technology, and vaccine research.
“We are trying to replicate the approach we used in previous attacks by targeting companies that are important to our global information technology supply chain,” the Russian intelligence agency said.
The supply chain is a prime target for Russian government hackers, and a growing number of Chinese hackers are trying to emulate Russia’s most successful technology.
In the SolarWinds case late last year, attacking the supply chain meant that a Russian hacker subtly modified the computer code of network management software used by companies and government agencies, silently inserting the tampered code as it was sent to 18,000 users.
Once these users upgraded to new versions of the software (much as tens of millions of people update their iPhones every few weeks), Russia suddenly gained access to the entire network.
In its latest attack, the SVR, which is known as a stealth operator in cyberspace, uses a technique similar to brute force. As Microsoft explains, the breach was primarily a matter of feeding a large database of stolen passwords into automated attacks meant to get Russian government hackers into Microsoft’s cloud services. This is a complex and inefficient process, and it works only if several distributors of Microsoft’s cloud services failed to implement some of the cybersecurity practices required over the past year.
Microsoft said in a blog post on Monday that it would do more to ensure that distributors meet their contractual obligations to implement security measures.
“Russia wants systematic access,” said Christopher Krebs, who headed the cybersecurity and security agency at Homeland Security until he was fired by President Donald J. Trump last year after declaring that the 2020 general election had been conducted honestly and without serious fraud. “You’re not trying to save individual accounts.”
Federal officials say they are actively using Biden’s new administration to protect the country from cyber threats, and they draw particular attention to new international efforts to disrupt Russia-based ransomware gangs. Biden is working with a much larger team of new senior officials to oversee the government’s cyber operations and enforce security changes that make attacks like the recent one much more difficult.
In response to SolarWinds, the White House announced a deadline for government agencies and all contractors working with the federal government to implement a new round of security practices that would make them more difficult targets for hackers from Russia, China, Iran and North Korea. These include basic steps such as a second way to authenticate users logging into accounts, much as banks and credit card companies send codes to phones and other devices to verify that stolen passwords are not being used.
Compliance with the new standards has increased, but is still insufficient. Companies often say that the challenges of challenging government procurement and locking down various types of computer networks cannot be covered by a single regulation. Government efforts to require companies to report systemic violations