Russian group behind SolarWinds hack steps up hacking efforts, analysis finds


The Russian government-linked hacking group behind one of the largest cyber espionage incidents in U.S. history has only stepped up its hacking efforts over the past year, according to a study published Monday.

Cybersecurity group Mandiant released findings on Monday showing how the group, known as “Nobelium” or “UNC2452,” continued to target governments and businesses, focusing on technology solutions and services groups as well as technology vendors, and used new tactics both to make its activity more difficult to trace and to maintain access to networks.

“This intrusion activity reflects a well-resourced set of threat actors operating with a high level of concern for operational security,” Mandiant researchers wrote in the report. “While Mandiant cannot currently place more confidence in this activity, the operational security associated with this intrusion and third-party exploitation is consistent with the tactics employed by the actors behind the SolarWinds compromise.”

The new activity was announced by Mandiant almost exactly a year after the company, formerly known as FireEye, announced that its systems had been breached by “a nation with leading offensive capabilities.”

FireEye's announcement was the first public sign of a massive espionage campaign that had unfolded for most of 2020. It became known as the SolarWinds hack because the hackers used a vulnerability in software from the computer company SolarWinds, among other avenues of attack, to breach customer networks.

At least nine federal agencies and 100 private sector groups were breached as a result, and President Biden imposed sanctions on Russia in April in retaliation.

“This time around they are hacking a lot of different companies and using those companies as entry points to the ultimate target they are trying to get into,” Charles Carmakal, Mandiant senior vice president and chief technology officer, told The Hill in an interview ahead of the release of the results.

“They are the most advanced adversary we deal with in the western world,” Carmakal said.

Tensions between the United States and Russia have escalated over the past year, and cybersecurity concerns were a key topic of conversation between President Biden and Russian President Vladimir Putin at their in-person meeting in Geneva in June. Cybersecurity is also expected to be on the agenda of their call on Tuesday.

Mandiant hasn’t been the only group to track Nobelium since it was linked to the SolarWinds hack.

Microsoft disclosed in May that the group had gained access to an email marketing account used by the US Agency for International Development, targeting 150 organizations in two dozen countries using the vulnerability. In October, Microsoft warned that Nobelium had targeted groups involved in the global IT supply chain, unsuccessfully attacking thousands of Microsoft customers.

“They have incredible operational security, they have incredible diligence, they have a lot of patience, they are different from most of the threat actors that we deal with, so we are trying to do what we can to help our customers eradicate this threatening actor from their networks,” Carmakal said.

