US investigator: Massive hacker attack goes far beyond SolarWinds

The severe cyber attack on government institutions and companies in the US is drawing ever wider circles. Investigators there have found, according to their own statements, that the suspected espionage operation was significantly larger than the compromise of the small software vendor SolarWinds. Until now its network management platform Orion was regarded as the hackers' main entry point.

Attack without direct connection to SolarWinds

Around 30 percent of the private-sector and government victims of the attack had no direct connection to SolarWinds, Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency (CISA), told the Wall Street Journal. The attackers "gained access to their targets in different ways". "This adversary was very creative," said the official, whose agency, subordinate to the Department of Homeland Security, coordinates the defensive and clean-up measures in the US.

The operation should no longer be regarded as a pure SolarWinds incident, Wales emphasized. According to the report, experts from industry come to the same conclusion. Last week the IT security firm Malwarebytes, which was also affected, said that a number of e-mail accounts in Microsoft's Azure cloud had been compromised by the same attackers. They had, however, got in by a different route than in the SolarWinds case.

Open source tool for "unusual activity" in Azure

According to the newspaper, the new findings point to the revelation that vulnerabilities were exploited in enterprise software used by millions of people. The hackers evidently broke into a variety of systems by exploiting more or less well-known security holes in software products and by guessing online passwords. According to the investigators, the attackers are also said to have benefited from peculiarities in the way Microsoft's cloud-based software is configured.

CISA recently warned of "ongoing threats" in cloud environments. It had been observed that a threat actor at one victim compromised applications in the Azure environment of Microsoft's Office 365 suite and gained access to cloud resources of private- and public-sector organizations using additional credentials and programming interfaces (APIs). The cybersecurity agency published a free open source tool that can detect "unusual and potentially malicious activity" in Azure.
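The pattern CISA describes, an attacker adding their own credential to an existing application and then calling cloud APIs with it, leaves two traces that can be correlated: an audit-log entry for the credential change and service-principal sign-ins from an origin the app never used before. The following detector is an added illustration of that correlation, not CISA's tool and not code from the article; the log records are constructed, and the field names and operation names (`operation`, `initiator`, `target`, "Add service principal credentials" and the like) are assumptions that approximate the Azure AD audit and sign-in log shape.

```python
import json
from datetime import datetime

# Audit-log operations that grant an actor new, persistent access to an
# application. Names are assumed to follow Azure AD audit-log naming (assumption).
CREDENTIAL_OPS = {
    "Add service principal credentials",
    "Update application - Certificates and secrets management",
    "Consent to application",
}

# Constructed sample records in JSON-lines form (not real data). The fields are a
# simplified version of the Azure AD audit and service-principal sign-in logs.
AUDIT_LOG = """\
{"time":"2021-01-20T08:01:00Z","operation":"Update user","initiator":"admin@corp.example","target":"u.smith","ip":"10.0.0.5"}
{"time":"2021-01-20T22:14:00Z","operation":"Add service principal credentials","initiator":"admin@corp.example","target":"mail-sync-app","ip":"198.51.100.7"}
{"time":"2021-01-21T09:30:00Z","operation":"Add service principal credentials","initiator":"devops@corp.example","target":"build-bot","ip":"10.0.0.9"}
"""

SIGNIN_LOG = """\
{"time":"2021-01-18T07:00:00Z","app":"build-bot","ip":"10.0.0.9","resource":"Azure DevOps"}
{"time":"2021-01-19T10:00:00Z","app":"mail-sync-app","ip":"10.0.0.40","resource":"Microsoft Graph"}
{"time":"2021-01-20T22:20:00Z","app":"mail-sync-app","ip":"203.0.113.21","resource":"Microsoft Graph"}
{"time":"2021-01-20T22:25:00Z","app":"mail-sync-app","ip":"203.0.113.21","resource":"Microsoft Graph"}
{"time":"2021-01-21T09:35:00Z","app":"build-bot","ip":"10.0.0.9","resource":"Azure DevOps"}
"""


def parse_jsonl(text):
    """Parse JSON lines and attach a timezone-aware datetime as 'ts'."""
    rows = [json.loads(line) for line in text.splitlines() if line.strip()]
    for row in rows:
        row["ts"] = datetime.fromisoformat(row["time"].replace("Z", "+00:00"))
    return rows


def credential_events(audit):
    """Audit records in which an application received a new credential or consent."""
    return [r for r in audit if r["operation"] in CREDENTIAL_OPS]


def suspicious_apps(audit_text, signin_text):
    """Return {app: details} for every app that received a new credential and was
    afterwards used from an IP that never appeared for that app beforehand.
    A legitimate key rotation used from the app's usual origin is not flagged."""
    audit = parse_jsonl(audit_text)
    signins = parse_jsonl(signin_text)
    findings = {}
    for ev in credential_events(audit):
        app = ev["target"]
        known_ips = {s["ip"] for s in signins if s["app"] == app and s["ts"] < ev["ts"]}
        new_use = [s for s in signins
                   if s["app"] == app and s["ts"] >= ev["ts"] and s["ip"] not in known_ips]
        if new_use:
            findings[app] = {
                "credential_added_by": ev["initiator"],
                "credential_added_from": ev["ip"],
                "new_ips": sorted({s["ip"] for s in new_use}),
                "resources": sorted({s["resource"] for s in new_use}),
            }
    return findings


if __name__ == "__main__":
    for app, details in suspicious_apps(AUDIT_LOG, SIGNIN_LOG).items():
        print(f"{app}: {details}")
```

In the constructed data, `build-bot` gets a new secret from its usual address and keeps signing in from there, so it is not reported; `mail-sync-app` gets a credential added out of hours from an external address and is then used against Microsoft Graph from a second address never seen before, which is exactly the case to triage. An application with no sign-in history at all is reported on its first use after the credential change, which is the conservative choice for a hunt like this.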

Numerous ministries and agencies affected

Microsoft had disclosed on New Year's Eve that the masterminds behind the incident had gained access to a "small number of internal accounts" of employees on the internal corporate network. One account is said to have been used by the hackers to view "source code in a number of" repositories. However, the account had no permission to "modify code or engineering systems". The software giant's security team has so far not commented on the current report.

It was already known that the attackers, whom US intelligence services locate in Russia, used the Sunburst malware and had, at least since the spring of 2020, planted it via contaminated updates for Orion on the systems of up to 18,000 customers of the vendor, including Microsoft itself. Among them were numerous ministries and agencies. The malware installed a backdoor and so allowed the infected systems to be controlled remotely.

Further attacks, including on Microsoft 365 accounts

The as yet unidentified group had previously attacked the IT security company FireEye successfully. At the end of the year CrowdStrike reported having been targeted by the attackers, though without them succeeding. The hackers are said to have gone through Microsoft resellers.

Over the course of the week further security companies reported unusual attacks that they now associate with the ominous group. The e-mail security provider Mimecast, for instance, disclosed that hackers had used one of its own products against it to access customers' Microsoft 365 accounts. Fidelis Cybersecurity is investigating an attack. Qualys admitted one, but said it had "no impact on our production environment". No data is said to have been exfiltrated.

Cybersecurity companies as gatekeepers are a rewarding target

Palo Alto Networks also ranks among the affected cybersecurity companies, but by its own account was able to fend off the attack. Ryan Gillis, responsible at the company for strategy and global policy, spoke to the Bloomberg agency of an "even now ongoing, sophisticated attack". He advised organizations to scrutinize the supply chains of their IT infrastructure, paying particular attention to their upstream suppliers. Cybersecurity companies are a worthwhile target as gatekeepers, since they are supposed to guard third parties' data and at the same time often have remote access to it.

The Democratic US senators Ron Wyden and Cory Booker and eight members of the House of Representatives called on the NSA on Friday to disclose its own measures for protecting the government against supply-chain attacks such as the SolarWinds hack. Four years ago it became known that Juniper, too, had unintentionally shipped software updates containing malicious code. That case has never been officially cleared up.

According to the representatives, researchers later discovered "that Juniper had used an encryption algorithm developed by the NSA, which experts had long claimed contains a backdoor". The key to that backdoor was then apparently modified. The US public, they argued, had a right to know why the NSA had not acted in the interest of those affected. According to the Federal Government, 15 German ministries and agencies also used SolarWinds products. At least via Sunburst, however, there is said to have been no unauthorized access to federal administration systems.
