Techrecipe

U.S. government points to Russia for massive cyber attack on government agencies

In December 2020, it was reported that the U.S. government had suffered a massive cyber attack, with damage that included the monitoring of email contents. Until now the U.S. government had avoided officially naming a country behind the hackers, but in a newly released official statement it says the hacker group was likely organized by Russia.

The massive cyber attack reported in December was carried out by a hacker group that spread the Trojan horse malware SUNBURST through an update to Orion, an IT infrastructure management platform made by SolarWinds, with government agencies among the targets.

SUNBURST contains a backdoor that communicates with an external server over HTTP and can transfer files, execute files, profile the system, reboot the system, and disable services, while disguising its activity as normal Orion operation to steal data. SolarWinds described the attack as a highly sophisticated, targeted and manual supply chain attack by a nation state.

According to security firm FireEye, several Orion update files containing SUNBURST were released between March and May 2020, some of them carrying SolarWinds' official digital signature, so signature verification alone would not have flagged them. In response, the U.S. government issued an emergency directive ordering agencies to stop using Orion, and Microsoft responded by seizing domains used in the attack.

The malicious code is said to have been distributed to up to 18,000 organizations and companies, and government bodies including the U.S. Treasury Department, the National Telecommunications and Information Administration (NTIA), the U.S. National Institutes of Health, the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Department of Homeland Security and others are reported to have been affected. Microsoft President Brad Smith called it one of the most serious cyber attacks he had seen in the past decade.

Following the attacks, security companies pointed to a connection with APT29 (Cozy Bear), a hacker group believed to be backed by the Russian government. U.S. Secretary of State Mike Pompeo also expressed his personal view that Russia was involved in the cyber attacks, but at the time the U.S. government did not officially link the hacker group to any specific country.

However, in an official statement released on January 5, 2021, the unified task force established by the U.S. National Security Council in response to this cyber attack said the attack was likely Russian in origin, and that the same actor was responsible for most or all of the breaches recently discovered in government and private-sector networks.

The statement also points out that, of the roughly 18,000 organizations that installed the compromised Orion update, a much smaller number suffered the critical second-stage intrusion in which data was stolen. Fewer than 10 U.S. government agencies are reported to have had data compromised so far, and government and private-sector staff gave up their Christmas and New Year holidays to investigate and repair the damage.

Also notable is that the statement characterizes the intrusion via SolarWinds as an intelligence-gathering effort. By clearly stating that the purpose of the hacking was to collect information, the statement is read as intending to put an end to the conspiracy theory that the series of hacks was carried out to influence the outcome of the 2020 presidential election.