Washington – Microsoft Corporation indicated in a blog post that at least 40 of its customers were victims of the electronic intrusion campaign allegedly perpetrated by Cozy Bear, a group of hackers with ties to various Russian intelligence and government espionage services.
Similarly, the cybersecurity division of the Department of Homeland Security warned today, Friday, that the campaign of attacks against multiple federal government agencies is being carried out through other vectors and unknown vulnerabilities, and not only through the SolarWinds Orion network monitoring program.
According to information provided by Microsoft, which was also a target of the attacks, 44 percent of the affected companies and agencies work in information technology, while government agencies, which represent 18 percent, work in the finance, national security, health and telecommunications sectors.
Meanwhile, Homeland Security's Cybersecurity and Infrastructure Security Agency warned that the vulnerability discovered in the Orion program is not the only attack vector: other companies that do not use the application have reported being victims of intrusions, which suggests that the hacking group has other tools to break into systems.
During the day, both the Department of Energy and its subsidiary, the National Nuclear Security Administration (NNSA), found evidence that they were also attacked. The NNSA is in charge of nuclear weapons development and counterterrorism activities, and ensures the physical security of the United States’ nuclear arsenal.
The Sandia and Los Alamos national laboratories, the Energy Regulatory Commission, and a Richland regional office in charge of cleaning up a plutonium factory that closed in the 1970s were also attacked.
Other agencies that have been victims of attacks, or that remain under attack, since at least March include the Departments of the Treasury and Commerce, among many other government agencies and private companies.
The malware was integrated into various versions of the Orion program for monitoring and managing communications networks. Once activated, the Sunburst malware performs a network test and sends the information to outsiders, who then activate a second stage of the program, Teardrop. Teardrop installs the Cobalt Strike program, a penetration tool that searches for vulnerabilities to gain access to other systems.
With this access, the group obtained not only privileged information but also the usernames and passwords of legitimate users. A keylogger also captured text entered via keyboards.
Donald Trump’s silence
AP – All the accusing fingers point to Russia as the source of the most serious hack that United States government agencies have suffered. But President Donald Trump, usually reluctant to accuse Moscow of cyberattacks, is silent.
The lack of a statement holding Russia accountable casts doubt on the possibility of a swift response and makes it regrettable that any retaliation – be it through sanctions, criminal charges or cyber measures – will be left to the next government, led by Joe Biden.
“It seems to me that the incoming government wants a menu of options and then they will decide,” said Sarah Mendelson, a former US ambassador to the UN Economic and Social Council. “A gradual attack? An assault in order? How far do you want to go as soon as the mandate begins?”
To be sure, governments often refrain from making public accusations of hacking until they have sufficient evidence. US officials say it was only recently that they became aware of extremely serious security breaches in the many agencies where foreign intelligence agents were able to act undetected for about nine months. But Trump’s response, or lack thereof, is the subject of much attention because he is focused on a futile effort to reverse the election result and has always refused to publicly acknowledge the interference of Russian hackers in his favor in the 2016 presidential election.
It is not clear what measures Biden could take or to what extent his response would be conditioned by criticism of the government of Barack Obama, of which he was vice president, for not being aggressive enough to prevent interference in 2016. Biden gave some clues in a statement on Thursday, saying that his government will be proactive in preventing cyberattacks and will impose costs on adversaries who perpetrate them.
Government statements so far have not mentioned Russia. Asked about Russian interference during a radio interview on Monday, Secretary of State Mike Pompeo acknowledged that Russia always tries to penetrate US servers, but quickly turned to threats from China and North Korea.