Russian hackers were accused of hacking the US Treasury. Who suffered and what does Russia have to do with it again?

What happened?

On December 14, it became known that allegedly Russian hackers had hacked the systems of the US Treasury and the National Telecommunications and Information Administration (NTIA), a division of the US Department of Commerce. This was reported by sources from Reuters and The Washington Post.

A team of sophisticated hackers believed to be working for the Russian government gained access to internal communications of the US Department of Homeland Security. 

Quote from the Reuters report

The Cozy Bear group (also known as APT29), which is associated with the Russian special services, is behind the attack, sources told The Washington Post. The hackers managed to gain access to the e-mail of department employees. It is assumed that this happened in the spring of 2020.

These same hackers allegedly hacked into the systems of the State Department and the White House during the presidency of Barack Obama. Reporters said APT29 had attacked cybersecurity firm FireEye a week earlier.

The media reported that the hackers spent several months monitoring emails of NTIA employees as a result of the Microsoft Office 365 hack. It is believed that this happened in the spring of 2020. The FBI is investigating the incident.

One source told Reuters that the hack turned out to be serious: because of it, a meeting of the National Security Council had to be convened on December 12. Sources at The New York Times called the hacking one of the largest attacks on US government systems in the past five years.

More about the Cozy Bear group, which is accused of the attack

This hacker group, according to Western intelligence services, operates under the auspices of the FSB.

Cozy Bear focuses on obtaining information necessary for making decisions on foreign policy and defense. The group's main victims are governments of Western countries and organizations associated with them: ministries, agencies, think tanks, and government contractors.

Their victims have also included the governments of CIS member countries and of countries in Asia, Africa and the Middle East; organizations associated with Chechen separatists; and Russian-speaking drug dealers. According to the Dutch General Intelligence and Security Service, the Russian Foreign Intelligence Service is behind this group.

The group has a wide selection of tools, that is, malicious software, in its arsenal. In the mid-2010s, the group could be observed conducting massive spear-phishing operations against hundreds (sometimes thousands) of recipients from various government and related organizations.

In addition to massive attacks, the group performs operations on a smaller scale that are more precise and use a different set of tools. The victims of these narrowly focused operations were on the radar of the Russian government at the time of the attacks.

How was the cyberattack organized?

The cyberattack likely happened through updates from the IT company SolarWinds, which also serves the US government. SolarWinds has confirmed that its updates, released between March and June 2020, may have been exploited by a "nation state."

The US Cybersecurity and Infrastructure Security Agency (CISA) warned that the hackers were well prepared and well resourced, making their attack a "serious threat" to the US government, state and local governments, key infrastructure and the entire private sector. The exact number of companies and government agencies affected by the cyberattack, as well as the amount of information stolen, is still unknown.

According to Bloomberg, not only the SolarWinds platform but also other means could have been used for illegal access to critical structures. Reuters sources said that the hackers could have used Microsoft's cloud services. The company itself did not find any signs that its products were used to attack other users, but admitted that it found SolarWinds-related executables in its environment.

Who was affected by the hack?

The Russian hackers who hacked the systems of the Treasury and the Department of Commerce used SolarWinds software for the cyberattacks. According to WSJ, up to 18,000 of its clients could have received the malicious code.

As a result, SolarWinds shares fell by 24.64% over two days of trading this week. The company's shares began to fall on Monday after news that hackers had used the company's software to infiltrate the Treasury and Commerce Department systems.

In addition, another cybersecurity company, FireEye, was attacked: a software package was stolen from it.

As a result, hackers associated with Russian intelligence services gained access to the network of the US Department of Homeland Security, Reuters reports.

According to them, several months ago the hackers managed to hack the email traffic of the US Treasury Department and the National Telecommunications and Information Administration (NTIA). The attack was so serious that the National Security Council convened an emergency meeting, which was held on December 12.

Have there been such cyberattacks before?

This is not the first time Russian hackers have used such a scheme, WSJ notes. In 2017, a group allegedly associated with Moscow tried a similar method in Ukraine. At that time, the Ukrainian developer M.E.Doc reported that its software was used to spread the Petya.A virus.

How did the Russian side react to the accusations?

Russian authorities traditionally deny accusations of cyberattacks. The Russian Embassy in the United States called the media publications “another baseless attempt to blame Russia for hacker attacks.” According to the embassy, Russia “does not conduct ‘offensive’ operations in a virtual environment.”

We declare responsibly: attacks in the information space are contrary to the foreign policy principles of our country and its national interests.

Representatives of the Russian Embassy in the USA
