Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Category: #Russia (Page 1 of 2)

Russian Space Junk Hit a Chinese Satellite in March, Evidence Suggests

The mysterious breakdown of the Yunhai 1-02 satellite in March has likely been solved. The discarded remnants of an old Russian rocket appear to have smashed into the Chinese satellite, in what is an ominous sign of things to come in our increasingly cluttered low Earth orbit.

Source: https://gizmodo.com/russian-space-junk-hit-a-chinese-satellite-in-march-ev-1847511922
Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: George Dvorsky

Russian hackers breach Republican National Committee

A hacker group associated with the Russian government breached the computer systems of the Republican National Committee last week in a massive ransomware attack, Bloomberg first reported.

The big picture: The attack follows a separate Russia-based criminal group unleashing an attack that compromised the computer systems of at least 1,000 businesses. No connection has been established between the attacks.


What they’re saying: It is unclear what, if any, information the Cozy Bear hackers found. Danielle Alvarez, the GOP communications director, released a statement saying that while it was informed by Microsoft that their systems may have been exposed, “no RNC data was accessed.”

  • Alvarez added that it “will continue to work with Microsoft, as well as federal law enforcement officials on this matter.”
  • An RNC spokesperson told Bloomberg it is investigating the situation and has already informed the FBI and the Department of Homeland Security.
  • “Over the weekend, we were informed that Synnex, a third party provider, had been breached,” RNC chief of staff Richard Walters said in a statement. “We immediately blocked all access from Synnex accounts to our cloud environment.”
  • “Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed. We will continue to work with Microsoft, as well as federal law enforcement officials on the matter.”
  • The RNC said it was aware of “few instances where outside actors have attempted to gain access, through Synnex, to customer applications within the Microsoft cloud environment,” per Bloomberg.

Zoom out: Cozy Bear, also known as APT 29, has been tied to the Russian foreign intelligence service and accused of breaching the Democratic National Committee in 2016 as well as carrying out a supply-chain cyberattack involving SolarWinds Corp., which infiltrated nine U.S. government agencies.

  • United States and United Kingdom intelligence agencies said in a report Thursday that Russian military hackers over the last three years have tried to access the computer networks of “hundreds of government and private sector targets worldwide” and warned that those “efforts are almost certainly still ongoing.”

Source: https://www.axios.com/russian-hackers-breach-republican-national-committee-f4d69a30-338e-45f9-8344-020b29952938.html
The Article Was Written/Published By: Oriana Gonzalez

The SolarWinds hackers aren’t back—they never went away

The Russian hackers who breached SolarWinds IT management software to compromise a slew of United States government agencies and businesses are back in the limelight. Microsoft said on Thursday that the same “Nobelium” spy group has built out an aggressive phishing campaign since January of this year and ramped it up significantly this week, targeting roughly 3,000 individuals at more than 150 organizations in 24 countries.

The revelation caused a stir, highlighting as it did Russia’s ongoing and inveterate digital espionage campaigns. But it should be no shock at all that Russia in general, and the SolarWinds hackers in particular, have continued to spy even after the US imposed retaliatory sanctions in April. And relative to SolarWinds, a phishing campaign seems downright ordinary.

“I don’t think it’s an escalation, I think it’s business as usual,” says John Hultquist, vice president of intelligence analysis at the security firm FireEye, which first discovered the SolarWinds intrusions. “I don’t think they’re deterred and I don’t think they’re likely to be deterred.”

Source: https://arstechnica.com/gadgets/2021/05/the-solarwinds-hackers-arent-back-they-never-went-away/
The Article Was Written/Published By: WIRED

US government strikes back at Kremlin for SolarWinds hack campaign

US officials on Thursday formally blamed Russia for backing one of the worst espionage hacks in recent US history and imposed sanctions designed to mete out punishments for that and other recent actions.

In a joint advisory, the National Security Agency, FBI, and Cybersecurity and Information Security Agency said that Russia’s Foreign Intelligence Service, abbreviated as the SVR, carried out the supply-chain attack on customers of the network management software from Austin, Texas-based SolarWinds.

The operation infected SolarWinds’ software build and distribution system and used it to push backdoored updates to about 18,000 customers. The hackers then sent follow-up payloads to about 10 US federal agencies and about 100 private organizations. Besides the SolarWinds supply-chain attack, the hackers also used password guessing and other techniques to breach networks.

Source: https://arstechnica.com/tech-policy/2021/04/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign/
The Article Was Written/Published By: Dan Goodin

FBI charges woman with stealing Pelosi laptop and trying to send it to Russian intelligence

Riley Williams, a 22-year-old woman who allegedly participated in the attack on the U.S. Capitol, has been charged by the FBI over her role in the riot. NBC News’s Tom Winter reports that she “told a former partner that she intended to take a laptop / hard drive stolen from Pelosi’s office, ship it to Russia, where a friend would turn it over to the SVR.”

Source: https://boingboing.net/2021/01/18/fbi-charges-woman-with-stealing-pelosi-laptop-and-trying-to-send-it-to-russian-intelligence.html
The Article Was Written/Published By: Rob Beschizza

Nuclear weapons agency updates Congress on hacking attempt

The Department of Energy and the National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, told congressional staffers in several briefings this week that there is currently no known impact to its classified systems from a massive hack that targeted its networks, according to an official with direct knowledge of the briefings.

The officials told staffers, however, that the incident has proven how difficult it is to monitor the Energy Department’s unclassified systems, and acknowledged that an issue with a network extension within the Office of Secure Transportation — which specializes in the secure transportation of nuclear weapons and materials — had been discovered.

Energy Secretary Dan Brouillette, DOE’s Chief Information Officer Rocky Campione, and NNSA CIO Wayne Jones all participated in the briefings to the relevant congressional oversight bodies.

The officials told congressional staffers that there was an attempt to breach Los Alamos National Laboratory and the nuclear administration’s field office in Nevada via the vulnerability in software developed by SolarWinds — a company whose IT management tools are used across the government. The supply-chain attack has affected dozens of federal and private sector entities, which were exploited by suspected Russian hackers as early as March of this year.

The officials said they do not consider either the lab or the field office to have been compromised, and noted that all national labs have been instructed to shut down and fully remove SolarWinds products from their systems.

Still, the department’s investigation is ongoing, the officials said, and neither DOE nor NNSA has a full picture of the impact of the hack — or what it will cost to fix it. The officials said it will probably be expensive to mitigate the damage and prevent it from happening again, but that they are still determining what kind of extra funding and resources the department will need.

The internal investigation has been complex and time-consuming because the compromised SolarWinds software was used widely throughout the nuclear security administration, officials told the staffers — including at the Los Alamos, Lawrence Livermore, and Sandia national labs; NNSA headquarters; NNSA’s Emergency Communication Network; NNSA’s Mixed Oxide Fuel Fabrication Facility, where fuel is made for reactors; the Nevada National Security Site, a disposal site; and Naval Reactors, which provides propulsion plants for nuclear powered ships.

DOE first found evidence of the hack last Monday, officials familiar with the matter said, and began coordinating notifications about the breach to their congressional oversight bodies on Thursday after being briefed by Campione, who oversees DOE’s cybersecurity. Campione told DOE officials last week that, in addition to the labs and the Office of Secure Transportation, suspicious activity had also been found in networks belonging to the Federal Energy Regulatory Commission (FERC), which stores sensitive data on the nation’s bulk electric grid.

Shaylyn Hynes, a DOE spokesperson, said in a statement last week that an ongoing investigation into the hack had found that the perpetrators did not get into critical defense systems.

“At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the department, including the National Nuclear Security Administration,” Hynes said. “When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”

Source: https://www.politico.com/news/2020/12/22/nuclear-weapons-agency-congress-hacking-450184
The Article Was Written/Published By: Natasha Bertrand

Microsoft says hackers backed by Russia and North Korea targeted COVID-19 vaccine makers

Microsoft has revealed that hackers backed by Russia and North Korea have targeted pharmaceutical companies involved in the COVID-19 vaccine development efforts.

The technology giant said Friday that the attacks targeted seven companies in the U.S., Canada, France, India, and South Korea. But while it blocked the “majority” of the attacks, Microsoft acknowledged that some were successful.

Microsoft said it had notified the affected companies, but declined to name them.

“We think these attacks are unconscionable and should be condemned by all civilized society,” said Tom Burt, Microsoft’s customer security and trust chief, in a blog post.

The technology giant blamed the attacks on three distinct hacker groups. The Russian group, which Microsoft calls Strontium but is better known as APT28 or Fancy Bear, used password spraying attacks to target their victims, which often involves recycled or reused passwords. Fancy Bear may be best known for its disinformation and hacking operations in the run-up to the 2016 presidential election, but the group has also been blamed for a string of other high-profile attacks against media outlets and businesses.

The other two groups are backed by the North Korean regime, one of which Microsoft calls Zinc but is better known as the Lazarus Group, which used targeted spearphishing emails disguised as recruiters in an effort to steal passwords from their victims. Lazarus was blamed for the Sony hack in 2016 and the WannaCry ransomware attack in 2017, as well as other malware-driven attacks.

But little is known about the other North Korea-backed hacker group, which Microsoft calls Cerium. Microsoft said the group also used targeted spearphishing emails masquerading as representatives from the World Health Organization, charged with coordinating the effort to combat the COVID-19 pandemic.

A Microsoft spokesperson acknowledged it was the first time the company had referenced Cerium, but the company did not offer more.

This is the latest effort by hackers trying to exploit the COVID-19 pandemic for their own goals. Earlier this year, the FBI and Homeland Security warned that hackers would try to steal coronavirus vaccine research.

Today’s news coincides with the Paris Peace Forum, where Microsoft president Brad Smith will urge governments to do more to combat cyberattacks against the healthcare sector, particularly during the pandemic.

“Microsoft is calling on the world’s leaders to affirm that international law protects health care facilities and to take action to enforce the law,” Burt said. “We believe the law should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate — or even facilitate — within their borders.”

Source: https://techcrunch.com/2020/11/13/microsoft-russia-north-korea-hackers-coronavirus-vaccine/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29
The Article Was Written/Published By: Zack Whittaker

Russia’s Fancy Bear hackers likely penetrated a federal agency

A warning that unidentified hackers broke into an agency of the US federal government and stole its data is troubling enough. But it becomes all the more disturbing when those unidentified intruders are identified—and appear likely to be part of a notorious team of cyberspies working in the service of Russia’s military intelligence agency, the GRU.

Last week the Cybersecurity and Infrastructure Security Agency published an advisory that hackers had penetrated a US federal agency. It identified neither the attackers nor the agency, but it did detail the hackers’ methods and their use of a new and unique form of malware in an operation that successfully stole target data. Now, clues uncovered by a researcher at cybersecurity firm Dragos and an FBI notification to hacking victims obtained by WIRED in July suggest a likely answer to the mystery of who was behind the intrusion: They appear to be Fancy Bear, a team of hackers working for Russia’s GRU. Also known as APT28, the group has been responsible for everything from hack-and-leak operations targeting the 2016 US presidential election to a broad campaign of attempted intrusions targeting political parties, consultancies, and campaigns this year.

Source: https://arstechnica.com/?p=1711453
The Article Was Written/Published By: WIRED
