shirtsbas.blogg.se

Microsoft solarwinds

In a blog post published yesterday, Microsoft president Brad Smith said the company was notifying more than 40 customers in the US and beyond that the attackers had targeted. The discovery of the presumed cyber-espionage effort coincides with a period in which the US federal government has been distracted by the presidential election, the transition between administrations, and efforts to “combat disinformation campaigns tied to COVID-19 research and vaccine dissemination”.


The attacks, he added, demonstrate “what’s possible when threat actors gain access to a major vendor's supply chain such as Solar Winds, with more than 300,000 customers.” Lior Div, CEO and co-founder of cybersecurity outfit Cybereason, advised organizations that if they “fit the profile of a ‘high-value target’” to “initiate threat hunting and compromise assessments”. “Taken together, these observed techniques indicate an adversary who is skilled, stealthy with operational security, and is willing to expend significant resources to maintain covert presence.”

However, in a security advisory issued yesterday, CISA said it had identified potential access vectors other than Orion. FireEye, it noted, has found that the adversary is thwarting detection and network analysis efforts with techniques including steganography, the usage of compromised or spoofed tokens for lateral movement, and time threshold checks to introduce unpredictable delays between C2 communication attempts.

SolarWinds has issued a security advisory advising customers on affected products, applying security updates, and mitigation steps. In SEC documents filed on December 14, SolarWinds said that about 18,000 of 33,000 Orion customers had downloaded updates that contained the back door. SolarWinds customers also include the Pentagon, NASA, the Department of Justice, the Office of the President of the United States, all five branches of the US military, and 425 of the US Fortune 500. Orion is used to monitor and manage enterprise network assets such as servers, workstations, mobiles, and IoT devices. The attacks have been linked to Russian state-sponsored cybercrime gang APT29 (AKA Cozy Bear). Last week cyber threat detection firm FireEye became the first organization to reveal that it had fallen prey to the attacks.

The recently discovered supply chain attack campaign, which could have begun as early as March, compromised the networks of the US Department of Homeland Security (DHS), and the Treasury, Commerce and Energy departments.


The alert goes on to offer detection and remediation advice. The US National Security Agency has published a security advisory advising Microsoft Azure customers that some Microsoft cloud services may have been compromised. The tech giant said it had “not found evidence of access to production services or customer data,” and – although Reuters cited sources claiming otherwise – said it had “found absolutely no indications that our systems were used to attack others.” In a statement, Microsoft confirmed that it had “detected malicious SolarWinds binaries in our environment, which we isolated and removed”. Microsoft Corp says its systems were infected with malware emanating from the SolarWinds breach, a springboard for attacks launched against US government agencies and other enterprises that have emerged over recent days.

First reported yesterday (December 17) by Reuters, the Microsoft compromise appears to have been precipitated by a trojan lurking within updates to Orion, SolarWinds’ enterprise network management software. State-sponsored campaign is shaping to be one of the most devastating ever













