Microsoft says Russian group behind SolarWinds attack is now targeting the IT supply chain

Microsoft Corporate Vice President for Customer Security & Trust Tom Burt shared the “latest activity” the company has observed from the Russian actor Nobelium. Burt, in a blog post, said Nobelium was identified by the U.S. government and others as being part of Russia’s foreign intelligence service, known as the SVR.

“Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain,” Burt wrote. “This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers.”

Burt added that Microsoft believes Nobelium “ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.”

Microsoft said it began observing Nobelium’s latest activity in May 2021, and said it has been notifying “impacted partners and customers, while also developing new technical assistance and guidance for the reseller community.”

“Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium,” Burt wrote. “We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised.”

Microsoft said it discovered the campaign “during its early stages,” and said they are sharing developments to cloud service resellers, technology providers, and customers to take “timely steps to help ensure Nobelium is not more successful.”

Microsoft said that the attacks on this sector of the global IT supply chain have been a part of a “larger wave” of Nobelium activities over the summer.

Burt said that between July 1 and Oct. 19, Microsoft informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits.

“By comparison, prior to July 1, 2021, we had notified customers about attacks from all nation-state actors 20,5000 over the past three years,” Burt wrote.

Microsoft warned, though, that the activity is “another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling, now or in the future, targets of interest to the Russian government.”

Microsoft, detailing the attacks, explained that it does not appear to be an attempt to “exploit any flaw or vulnerability in software,” but rather the utilization of “well-known techniques, like password spray and phishing, to steal legitimate credentials and gain privileged access.” Microsoft said that the company “can now provide actionable information which can be used to defend against this new approach.”

Microsoft said it has been coordinating with others in the security community, and has been “working closely with government agencies in the U.S. and Europe.”

“While we are clear-eyed that nation-states, including Russia, will not stop attacks like these overnight, we believe steps like the cybersecurity executive order in the U.S., and the greater coordination and information sharing we’ve seen between industry and government in the past two years, have put us all in a much better position to defend against them,” Burt wrote.

Meanwhile, a senior administration official explained that the activities Microsoft described taking place were unsophisticated password spray and phishing attempts for the purpose of surveillance that cybersecurity experts say are attempted every day by Russia and other foreign governments and have been for years.

The official said these types of attempts can be prevented if cloud service providers implement “baseline” cybersecurity practices, including multi-factor authentication—a measure to require users to authenticate their accounts with more than a password.

“Broadly speaking, the federal government is aggressively using our authorities to protect the Nation from cyber threats, including helping the private sector defend itself through increased intelligence sharing, innovative partnerships to deploy cybersecurity technologies, bilateral and multilateral diplomacy, and measures we do not speak about publicly for national security reasons,” the official told Fox News.

Earlier this year, the Biden administration imposed sanctions on Russia for the SolarWinds computer hack, which began in 2020 when malicious code was snuck into updates to popular software that monitors computer networks of businesses and governments. The malware, affecting a product made by the American SolarWinds, gave elite hackers remote access into an organization’s networks so they could steal information.

Earlier this month, Biden hosted virtual meetings with more than 30 countries to “accelerate cooperation to counter ransomware,” but the White House did not extend the invitation to Russia, senior administration officials said. The officials noted that the United States and the Kremlin have a “separate channel” where they “actively” discuss the matter.

Officials said that the president established a U.S.-Russia experts group for the U.S. to engage “directly” on the issue of ransomware.

“We do look to the Russian government to address ransomware criminal activity coming from actors within Russia,” an official said, adding that the Biden administration has “also shared information with Russia regarding criminal ransomware activity being conducted from its territory.”

“We’ve seen some steps by the Russian government, and are looking to see follow up actions and broader international cooperation is an important line of effort, because these are transnational criminal organizations,” an official said, adding that they “leverage global infrastructure and money laundering networks to carry out their attacks.”

Biden, during his summit in Geneva with Russian President Vladimir Putin in June, raised the issue of ransomware. At the time, Biden said he told Putin that “certain critical infrastructure should be off limits to attack.” Biden said he gave a list of “16 specific entities defined as critical infrastructure,” saying it ranged from energy to water systems.

Putin, though, during his press conference after the meeting, denied that Russia was responsible for cyberattacks and instead claimed that most cyberattacks in the world were carried out from the U.S.

Also over the summer, the president signed a national security memo directing his administration to develop cybersecurity performance goals for critical infrastructure in the United States—entities like electricity utility companies, chemical plants, and nuclear reactors.

Meanwhile, the National Counterintelligence and Security Center last week announced it is prioritizing industry outreach efforts in U.S. technology sectors where the stakes are “potentially greatest” for U.S. economic and national security, warning of “nation-state threats” posed by China and Russia.

The NCSC warned that the Kremlin “is targeting U.S. advances through the employment of a variety of licit and illicit technology transfer mechanisms to support national-level efforts, including its military and intelligence programs.”

NCSC officials warned that Russia is also “increasingly looking to talent recruitment” and international scientific collaborations to “advance” their domestic research and development efforts. NCSC said, though, that their “resource constraints” have forced the Kremlin to focus on “indigenous” research and development efforts, such as Russian military applications of artificial intelligence.

NCSC warned that Russia uses intelligence services, academics, joint ventures and business partnerships, talent recruitment, foreign investments, government to government agreements, and more to acquire U.S. technologies.

Fox Business’ Meghan Henney contributed to this report.
