Suspected Russian hackers targeted the cybersecurity firm Malwarebytes. The attacker abused “apps with privileged access to MS Office 365 and Azure environments,” said CEO M Kleczynski. He said the attack was part of the campaign that has used SolarWinds software to target other firms. Analysts, on the other hand, have said that SolarWinds’s software wasn’t the only method used to breach networks, as a new form of malware used in the attack was discovered.
Investigators at Moscow-based cybersecurity firm Kaspersky had said the “backdoor” used to compromise up to 18,000 customers of US software maker SolarWinds resembled malware tied to a hacking group known as “Turla,” which operates on behalf of Russia’s FSB security service. Moscow had repeatedly denied the allegations. Experts said three similarities between the SolarWinds backdoor and a hacking tool called “Kazuar” used by Turla made it likely Russian in origin.
The suspected Russia-backed hackers have compromised as many as 250 federal agencies and top firms in the US by hacking into the ‘SolarWinds Orion’ monitoring and management software. The New York Times, in a report, said that businesses such as Amazon and Microsoft, which provide cloud computing services, are digging deeper for evidence. Microsoft, last week, said that its systems were infiltrated “beyond just the presence of malicious ‘SolarWinds’ code.”
Cyber-attacks have cost Russian firms and citizens up to $49 bn in 2020 as the number of crimes linked to bank cards has shot up by 500%, the country’s largest lender Sberbank said. The private sector remained the most vulnerable as everything from the accounts to financial data and documents was targeted. Over 2.3 mn darknet accounts operating in Russian offer the stolen data. Russians may lose as much as 10 bn roubles from phone fraud this year alone.
Cybersecurity firm Recorded Future has identified 198 victims that were hacked using the SolarWinds backdoor. Hackers further compromised computer networks of these firms by attempting to gain user credentials — what cybersecurity experts call “hands-on keyboard” activity. The number is expected to rise further as the wide-ranging investigation continues. The hackers’ motive remains unknown, and it’s not clear what they reviewed or stole.
Shares in cybersecurity firms FireEye, Palo Alto Networks and Crowdstrike Holdings rose on Friday as market pundits predicted that disclosures from Microsoft and other global tech firms would push up the demand for security tech and related products. More details were revealed of a suspected Russian cyber espionage campaign that has computer network security teams across the globe scrambling to limit the damage caused.
Microsoft has confirmed malicious software in its systems that is linked to a massive hacking campaign discovered by US government officials earlier this week. The tech giant is also a user of Orion, SolarWinds’ widely deployed networking management software, which was used in the alleged Russian attacks on key US government agencies. The hackers, as per reports, also made use of Microsoft’s cloud offering Azure while avoiding its corporate infrastructure.
IT company SolarWinds said that products released in March and June 2020 may have been surreptitiously tampered with in a “highly-sophisticated, targeted and manual supply chain attack by a nation-state.” The statement has come at a time when US intelligence agencies are investigating breaches at several government departments. The breach is said to be connected to the intrusion at cybersecurity firm FireEye, which is currently believed to be the work of Russians.