Once threat actors gained access to internal networks or cloud infrastructure, CISA said the hackers, believed to be Russian in origin, escalated access to gain administrator rights and then moved to forge authentication tokens (OAuth) that allowed them to access other local or cloud-hosted resources inside a company's network, without needing to provide valid credentials or solve multi-factor authentication challenges.
And here's another article:
Massive data breach may have been discovered due to 'unforced error' by suspected Russian hackers
(CNN) US officials and private sector experts investigating the massive data breach that has rocked Washington increasingly believe the attackers were ultimately discovered because they took a more aggressive "calculated risk" that led to a possible "unforced error" as they tried to expand their access within the network they had penetrated months earlier without detection, according to a US official and two sources familiar with the situation.
Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect - The New York Times
Officials said a hunt was on to determine if other parts of the government had been affected by what looked to be one of the most sophisticated, and perhaps among the largest, attacks on federal systems in the past five years. Several said national security-related agencies were also targeted, though it was not clear whether the systems contained highly classified material.
The Trump administration said little in public about the hack, which suggested that while the government was worried about Russian intervention in the 2020 election, key agencies working for the administration — and unrelated to the election — were actually the subject of a sophisticated attack that they were unaware of until recent weeks.
SolarWinds: What We Know About Russia's Latest Alleged Hack Of U.S. Government : NPR
The Pentagon is one of several government entities that have been part of a hack that hinged on a vulnerability in SolarWinds' Orion network monitoring products.
A massive computer breach allowed hackers to spend months exploring numerous U.S. government networks and private companies' systems around the world. Industry experts say a country mounted the complex hack — and government officials say Russia is responsible.
Many things are taking place:
DoJ confirms email accounts breached by SolarWinds hackers | Hacking | The Guardian
The department plays a key role in rooting out foreign spies, enforcing sanctions and fighting corruption. The department has recently taken increasingly aggressive actions against foreign hackers, unsealing a series of indictments against Russian, Chinese and Iranian cyber spies in the run-up to the US presidential election two months ago.
A justice spokesman, Marc Raimondi, declined to put a precise figure to the number of mailboxes targeted.
Russia has denied responsibility for the hacking campaign, which has been described as one of the most sophisticated operations uncovered in years. But on Tuesday, the office of the US director of national intelligence said Russia was probably behind the hack in the first formal statement of attribution from the Trump administration.
Russian Hacker Sentenced To 12 Years In Prison For Involvement In Massive Network Intrusions At
Acting U.S. Attorney Audrey Strauss said: "From his home in Moscow, Andrei Tyurin played a major role in orchestrating and facilitating an international hacking campaign that included one of the largest thefts of U.S. customer data from a single financial institution in history, stealing the personal information of more than 80 million J.P. Morgan Chase customers.
Through these various criminal schemes, TYURIN, Shalon, and their co-conspirators obtained hundreds of millions of dollars in illicit proceeds, and TYURIN himself earned over $19 million in profits from his hacking activity.
Hack the Army bug bounty challenge asks hackers to find vulnerabilities in military networks
Hackers are being invited to uncover cybersecurity vulnerabilities in the computer systems used by the US military as part of the 'Hack the Army' bug bounty challenge.
Both military and civilian hackers are being invited to discover and disclose digital vulnerabilities in the US Department of the Army in a program run by The Defense Digital Service (DDS) and HackerOne.
The aim is for cybersecurity researchers to uncover and disclose security vulnerabilities in army systems so they can be resolved before they are discovered and exploited by malicious hackers. Civilian hackers who successfully discover valid security bugs could receive a financial reward.
Delaware County officials paid $25,000 in ransom to hackers who infiltrated the county's computer
Hackers used a malware attack to infiltrate Delaware County's servers in the fall, and then held employees' personal data for ransom, ultimately costing the county $25,000 in ransom to restore access to the data, according to county officials.
The attack was first reported Nov. 24, when county officials said the computer network had been compromised by a hack affecting everything but emergency dispatch and the then-ongoing certification of votes in the presidential election.