Solarwinds_office_building.jpg

U.S., U.K. Reveal Code Flaws Abused by SolarWinds Hackers

The U.S. and U.K. released details on Friday about how Russia’s foreign intelligence service operates in cyberspace, the latest effort to try to disrupt future attacks.

(Bloomberg) -- The U.S. and U.K. released details on Friday about how Russia’s foreign intelligence service operates in cyberspace, the latest effort to try to disrupt future attacks.

The report contains technical resources about the group’s tactics, including breaching email in order to find passwords and other information to further infiltrate organizations, in addition to providing software flaws commonly exploited by the hackers. It also offers details about how network administrators can counter the attackers’ tactics.

“The group uses a variety of tools and techniques to predominantly target overseas governmental, diplomatic, think-tank, health-care and energy targets globally for intelligence gain,” the two countries wrote in a Friday report authored jointly by the U.K.’s National Cyber Security Centre and three U.S. agencies, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the National Security Agency.

The Russian Embassy in Washington didn’t immediately respond to a request for comment about the report.

The report comes a month after President Joe Biden imposed sanctions on Russia following a supply-chain attack that compromised popular software by the Texas-based firm SolarWinds Corp. in order to break into nine government agencies and at least 100 private-sector companies. Biden attributed the attack to the SVR, Russia’s civilian foreign intelligence service. SVR’s hacking group is known by different names, including APT29, Cozy Bear and The Dukes.

“The SVR is a technologically sophisticated and highly capable cyber-actor. It has developed capabilities to target organizations globally, including in the U.K., U.S., Europe, NATO member states and Russia’s neighbors,” according to the report.

Last year, the two countries accused the same hacking group of targeting organizations involved in developing a vaccine for Covid-19. Cybersecurity analysts have also tied the group to attacks against governments and organizations across the globe, including an infamous attack on the Democratic National Committee’s servers ahead of the U.S. 2016 election.

“Like other sophisticated cyber-actors, the SVR is known to rapidly exploit vulnerabilities once publicly known,” said Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency.

“We recommend that critical system owners, including state and local governments and private-sector partners, prioritize this advisory and apply recommended actions to mitigate this ongoing and evolving SVR cyber threat,” he said in an emailed statement.

The U.S. released two other advisories focused on SVR hackers in April, which detailed coding flaws they used to breach networks in the U.S. and allied countries as well as tactical trends for which network defenders should prepare.

Friday’s report revealed that the group also utilized a vulnerability in Microsoft Corp.’s Exchange software for email, a flaw which was previously exploited by suspected Chinese hackers to target thousands of organizations earlier this year.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish