One of the Most Extensive Hacking Campaigns
Russia's suspected hacking operation targeted 5 US agencies, 18K entities
The U.S. State Department, Department of Homeland Security (DHS), and elements of the Department of Defense have reported being compromised. Those government branches join earlier assessments confirming that the Departments of Treasury and Commerce had been breached in what investigators believe to be a mass-scale Russian intelligence operation.
However, SolarWinds' clientele roster traverses some 300,000 organizations – including other highly-sensitive federal agencies ranging from the Department of Justice and the Centers for Disease Control – as well as thousands of private companies.
Almost all Fortune 500 companies are reported to use SolarWinds products to scan their networks, including major defense contractors such as Boeing, according to the New York Times.
"In a nutshell, SolarWinds' Orion product provides centralized monitoring across an organization's entire IT stack. That means the attackers who were able to compromise this platform had an extremely high level of access to all of these client systems," David Kennedy, CEO of TrustedSec
_________________
Author of Practical Preparations for a Coronavirus Pandemic.
A very unique plan. As Dr. Paul Thompson wrote, "This is the very best paper on the virus I have ever seen."
auntblabby
Veteran
Joined: 12 Feb 2010
Gender: Male
Posts: 114,571
Location: the island of defective toy santas
auntblabby
Veteran
Joined: 12 Feb 2010
Gender: Male
Posts: 114,571
Location: the island of defective toy santas
The hack compromised federal agencies and “critical infrastructure” in a sophisticated attack that was hard to detect and will be difficult to undo, the Cybersecurity and Infrastructure Security Agency said in an unusual warning message Thursday. The Department of Energy acknowledged it was among those that had been hacked.
At the Department of Energy, the initial investigation revealed that malware injected into its networks via a SolarWinds update has been found only on its business networks and has not affected national security operations, including the agency that manages the nation’s nuclear weapons stockpile, according to its statement. It said vulnerable software was disconnected from the DOE network to reduce any risk.
Members of Congress said they feared that taxpayers’ personal information could have been exposed because the IRS is part of Treasury, which used SolarWinds software.
Tech giant Microsoft, which has helped respond to the breach, revealed late Thursday that it had identified more than 40 government agencies, think tanks, non-governmental organizations and IT companies infiltrated by the hackers. It said four in five were in the United States — nearly half of them tech companies — with victims also in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.
“This is looking like it’s the worst hacking case in the history of America,” the official said. “They got into everything.”
Source: Suspected Russian hack against US is 'grave' threat, cybersecurity agency says
I personally believe we have returned to a cold war posture with Russia and China for 15 years now and most Americans are living in the grand fog of illusion.
_________________
Author of Practical Preparations for a Coronavirus Pandemic.
A very unique plan. As Dr. Paul Thompson wrote, "This is the very best paper on the virus I have ever seen."
That last paragraph of yours belongs on t-shirts, bumper stickers, and yard signs.
It is absolutely true.
Any country or government that can commit an act of destruction and aggression during one of the ENTIRE WORLD’S time of pain and loss and panic deserves contempt and mistrust and a pullback of any manufacturing being done there by American companies.
_________________
Sylkat
Student Body President, Miskatonic University
The President himself has proclaimed that Russia is not the culprit. I wish I knew how he can claim to care about our national security and still defend every malicious act Russia commits against us.
At the moment according to U.S. Intelligence, the culprit is UNKNOWN. Russia is the primary suspect. But there are other players on the board including the Chinese, the North Koreans, the Iranians. The complexity of the hack implies it is a nation state that has sponsored the hack attack.
_________________
Author of Practical Preparations for a Coronavirus Pandemic.
A very unique plan. As Dr. Paul Thompson wrote, "This is the very best paper on the virus I have ever seen."
At the moment according to U.S. Intelligence, the culprit is UNKNOWN. Russia is the primary suspect. But there are other players on the board including the Chinese, the North Koreans, the Iranians. The complexity of the hack implies it is a nation state that has sponsored the hack attack.
In which case we simply don't know and it's irresponsible for the Commander in Chief to proclaim otherwise.
What we should be doing is hanging our heads in shame that we elected a President whose neglect of National Security has left us in such a vulnerable position. Frankly, I'm getting scared. We are now sitting ducks for any foreign power that wants to take advantage of us militarily. The President should face some sort of justice for damaging our National Security posture to this extent in just one term. This sort of justice can't be avoided by any sort of pardon.
In June 2015, the United States Office of Personnel Management (OPM) announced that it had been the target of a data breach targeting the records of as many as four million people. The final estimate of the number of people impacted is 22.1 million. This includes records of people who had undergone background checks, as well as their friends and family, many of whom were not government employees. It has been described by federal officials as among the largest breaches of government data in the history of the United States. On June 11, 2015, ABC News also said that highly sensitive 127-page Standard Forms (SF) 86 (Questionnaire for National Security Positions) [security clearances background checks] were put at serious risk by the hack. SF-86 forms contain information about family members, college roommates, foreign contacts, and psychological information.
J. David Cox, president of the American Federation of Government Employees, wrote in a letter to OPM director Katherine Archuleta that, based on the incomplete information that the AFGE had received from OPM, "We believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees." Cox stated that the AFGE believes that the breach compromised military records, veterans' status information, addresses, dates of birth, job and pay history, health insurance and life insurance information, pension information, and data on age, gender, and race.
The stolen data included 5.6 million sets of fingerprints.
According to the Wall Street Journal, U.S. government officials suspect that Chinese hackers perpetrated the breach. The Washington Post has also reported that the attack originated in China, citing unnamed government officials. China has responded to these claims by noting that it has been the target of cyberattacks in the past. The House Committee on Oversight and Government Reform report on the breach strongly suggested the attackers were state actors due to the use of a very specific and highly developed piece of malware. U.S. Department of Homeland Security official Andy Ozment testified that the attackers had gained valid user credentials to the systems they were attacking, likely through social engineering. The breach also consisted of a malware package which installed itself within OPM's network and established a backdoor. From there, attackers escalated their privileges to gain access to a wide range of OPM's systems. Ars Technica reported that at least one worker with root access to every row in every database was physically located in China. Another contractor had two employees with Chinese passports.
Source: Wikipedia
So I guess you are also including the former Commander-in Chief Obama in your comments.
_________________
Author of Practical Preparations for a Coronavirus Pandemic.
A very unique plan. As Dr. Paul Thompson wrote, "This is the very best paper on the virus I have ever seen."
In June 2015, the United States Office of Personnel Management (OPM) announced that it had been the target of a data breach targeting the records of as many as four million people.
This happened 5 years ago and the lesson should have been learned. What happened this month is at least 2 orders of magnitude worse and is inexcusable.
Microsoft researchers say a second unidentified hacking team installed a backdoor in the same SolarWinds network software that facilitated a massive cyber espionage campaign, as the number of victims in the attack rose to 200.
The second backdoor, dubbed SUPERNOVA by security experts, appears distinct from the SUNBURST attack that has been attributed to Russia, raising the possibility that multiple adversaries were attempting parallel attacks, perhaps unbeknownst to each other.
This is a heatmap by Microsoft that shows the locations of known victims of the breach.
The hack began as early as March when malicious code was snuck into updates to popular software that monitors computer networks of businesses and governments. The malware, affecting a product made by U.S. company SolarWinds, gave elite hackers remote access into an organization's networks so they could steal information.
It wasn't discovered until the prominent cybersecurity company FireEye determined it had been hacked. Whoever broke into FireEye was seeking data on its government clients, the company said - and made off with hacking tools it uses to probe its customers' defenses.
Beginning in March 2020, hackers used SolarWinds software updates to install a secret network backdoor, which authorities are calling SUNBURST.
The malicious code was signed by the legitimate SolarWinds code signing certificate. An estimated 18,000 customers downloaded the compromised updates.
Once installed on a network, the malware used a protocol designed to mimic legitimate SolarWinds traffic to communicate with a domain that has since been seized and shut down.
The initial contact domain would often direct the malware to a new internet protocol (IP) address for command and control. The attackers used rotating IPs and virtual private servers with IP addresses in the target's home country to make detection of the traffic more difficult.
Source: Microsoft discovers SECOND hacking team dubbed 'Supernova' installed backdoor in SolarWinds software in March - as Feds say first Russian 'act of war' cyber attack struck at least 200 firms and US federal agencies
_________________
Author of Practical Preparations for a Coronavirus Pandemic.
A very unique plan. As Dr. Paul Thompson wrote, "This is the very best paper on the virus I have ever seen."
The Journal identified infected computers at two dozen organizations that installed tainted network monitoring software called SolarWinds Orion that allowed the hackers in via a covertly inserted backdoor. It gave them potential access to scores of sensitive corporate and personal data. Among them: technology giant Cisco Systems Inc., chip makers Intel Corp. and Nvidia Corp., accounting firm Deloitte LLP, cloud-computing software maker VMware Inc. and Belkin International Inc., which sells home and office Wi-Fi routers and networking gear under the LinkSys and Belkin brands. The attackers also had access to the California Department of State Hospitals and Kent State University.
It isn't yet known what the hackers did inside the various organizations, or if they even used the backdoors for many of the companies. But investigators and security experts say that besides internal communications and other government secrets, hackers may have sought emails of corporate executives, files about sensitive technologies under development, and other ways to compromise more systems later.
The uncertainty has left SolarWinds' customers -- which include major technology companies, more than 400 Fortune 500 companies and many government agencies -- scrambling to determine the fallout and whether the hackers remain inside.
Source: Solarwinds hack victims: From tech companies to a hospital and university
_________________
Author of Practical Preparations for a Coronavirus Pandemic.
A very unique plan. As Dr. Paul Thompson wrote, "This is the very best paper on the virus I have ever seen."
Former intelligence officials told ForeignPolicy.com that China also stepped up hacking efforts by targeting biometric and passenger data from transit hubs, including Bangkok's international airport.
These moves between 2010 and 2012 allowed Beijing to build an infrastructure required to steal large datasets and easily sift through the information, according to a former senior NSA official, which paved the way for China's successful hack of the U.S. Office of Personnel Management, where sensitive personnel data related to health, residency, employment, fingerprint, and financials were stolen from 21.5 million current and former U.S. officials, their spouses, and job applicants.
A former counterintelligence executive said that while the OPM breach was not disclosed by the United States until 2015, U.S. intelligence officials became aware of the initial hack around 2012. One former senior national security official said that the OPM hack "opened up a global Pandora's box of problems," which would lead to additional cyberattacks going forward.
William Evanina, the United States’ top counterintelligence official, told the outlet that China is "one of the leading collectors of bulk personal data around the globe, using both illegal and legal means.” “Just through its cyberattacks alone, the PRC has vacuumed up the personal data of much of the American population, including data on our health, finances, travel and other sensitive information,” Evanina added.
Source: China used stolen data to track CIA operatives in Africa, Europe
_________________
Author of Practical Preparations for a Coronavirus Pandemic.
A very unique plan. As Dr. Paul Thompson wrote, "This is the very best paper on the virus I have ever seen."
The Commerce Department has published a list of Chinese and Russian companies on Tuesday with alleged military ties, which limits them from purchasing a wide range of U.S. goods and technology.
China
Academy of Aerospace Solid Propulsion Technology (AASPT);
The following eight subordinate institutions of Aero-Engine Company of China: AECC Aero Science & Technology Co. Ltd.; AECC Aviation Power Co. Ltd.; AECC Beijing Institute of Aeronautical. Materials; AECC China Gas Turbine Establishment; AECC Commercial Aircraft Engine Co. Ltd.; AECC Harbin Dongan Engine Co., Ltd.; AECC Shenyang Liming Aero Engine Co., Ltd.; and AECC South Industry Company Limited;
Anhui Yingliu Hangyuan Power;
The following seven subordinate institutions of Aviation Industry Corporation of China: AVIC Aircraft Co. Ltd.; AVIC Chengdu Aircraft Industrial (GROUP) Co., Ltd.; AVIC Flight Automatic Control Research Institute (FACRI); AVIC General Aircraft Huanan Industry Co. Ltd.; AVIC General Aircraft Zhejiang Institute Co., Ltd.; AVIC International Holding Corporation; AVIC Leihua Electronic Technology Research Institute (LETRI);
Baimtec Material Co., Ltd.;
Beijing Aero Lever Precision Ltd.;
Beijing Ander Tech. Co., Ltd.;
Beijing Guang Ming Electronics Co., Ltd.;
Beijing Siyuan Electronic Co., Ltd.;
CAST Xi’an Spaceflight Engine Factory;
Chengdu Holy Aviation Science & Tech;
China Aviation Ind. Std. Parts;
CSSC Xijiang Shipbuilding Co., Ltd.;
Elink Electronic Technology Co., Ltd.;
Fly Raise International Limited;
Fuhua Precision Man. Co.;
Government Flying Service;
Guangzhou Hangxin Aviation Technology Co., Ltd.;
Guizhou Aviation Tech. Dev. Nat.;
Guizhou Liyang Intl Manufacturing Co., Ltd.;
Hafei Aviation Industry Co., Ltd. (HAFEI);
Hangzhou Bearing Test & Research Center Co., Ltd.;
Harbin General Aircraft Industry Co., Ltd.;
Henan Aerospace Precision Mach;
Hunan South General Aviation Engine Co., Ltd.;
Hutchison Optel Telecom Technology Co., Ltd.;
Jiangsu Meilong Aviation Components Co.;
Jiatai Aircraft Equipment Co., Ltd.;
Jincheng Group Imp & Exp. Co., Ltd.;
Laboratory of Toxicant Analysis, Institute of Pharmacology and Toxicology;
Molecular Devices Shanghai Corporation;
Nanjing Engineering Institute of Aircraft Systems (NEIAS);
National Satellite Meteorological Bureau;
Second Institute of Oceanography, Ministry of Natural Resources;
Shaanxi Aero Electric Co., Ltd.;
Shaanxi Aircaft Industry Co., Ltd.;
Shanghai Aerospace Equip. Man.;
Shanghai Aircraft Design and Research Institute;
Shanghai Aircraft Manufacturing Co., Ltd. (SAMC);
Shanghai Tianlang Electronic Science Co., Ltd.;
Shenyang Academy of Instrumentation Science Co., Ltd.;
Shenyang Aircraft Corporation;
Shenyang Xizi Aviation Industry Co., Ltd.;
Sichuan Hangte Aviation Tech. Co., Ltd.;
Star Tech Aviation Co., Ltd.;
Sumec Instruments Equipment Co., Ltd.;
Suzhou Eric Mechanics and Electronics Co., Ltd.;
Wuxi Hyatech Co., Ltd.;
Wuxi Paike New Mat. Tech. Co., Ltd.;
Wuxi Turbine Blade Co. Ltd.;
Xac Group Aviation Electronics Import & Export Co. Ltd.;
XAIC Tech (Xi’an) Industrial Co., Ltd.;
Xian Aero-Engine Controls Co., Ltd.;
Xian Aircraft Industrial Company Limited;
Xi’an Xae Flying Aviation Manufacturing Technology Co., Ltd.;
Xian Xr Aero- Components Co., Ltd.;
Yibin Sanjiang Machine Co., Ltd.; and
Zhejiang Perfect New Material Co., Ltd.
Russia
Admiralty Shipyard JSC;
Aleksandrov Scientific Research Technological Institute NITI;
Argut OOO;
Communication center of the Ministry of Defense;
Federal Research Center Boreskov Institute of Catalysis;
Federal State Budgetary Enterprise of the Administration of the President of Russia;
Federal State Budgetary Enterprise Special Flight Unit Rossiya of the Administration of the President of Russia;
Federal State Unitary Enterprise Dukhov Automatics Research Institute (VNIIA);
Foreign Intelligence Service (SVR);
Forensic Center of Nizhniy Novgorod Region Main Directorate of the Ministry of Interior Affairs;
Irkut Co.;
Irkut Research and Production Corporation Public Joint Stock Company;
Joint Stock Company Scientific Research Institute of Computing Machinery;
JSC Central Research Institute of Machine Building (JSC TsNIIMash);
JSC Rocket and Space Centre – Progress;
Kamensk-Uralsky Metallurgical Works J.S. Co.;
Kazan Helicopter Plant PJSC;
Komsomolsk-na-Amur Aviation Production Organization (KNAAPO);
Korporatsiya Vsmpo Avisma OAO;
Ministry of Defence RF;
Molot Oruzhie;
NPO High Precision Systems JSC;
NPO Splav JSC;
Oboronprom OJSC;
PJSC Beriev Aircraft Company;
PJSC Irkut Corporation;
PJSC Kazan Helicopters;
POLYUS Research Institute of M.F. Stelmakh Joint Stock Company;
Promtech-Dubna, JSC;
Public Joint Stock Company United Aircraft Corporation;
Radiotechnical and Information Systems (RTI) Concern;
Rapart Services LLC;
Rosoboronexport OJSC (ROE);
Rostec (Russian Technologies State Corporation);
Rostekh – Azimuth;
Russian Aircraft Corporation MiG;
Russian Helicopters JSC;
Sukhoi Aviation JSC;
Sukhoi Civil Aircraft;
Tactical Missiles Corporation JSC;
Tupolev JSC;
UEC-Saturn;
United Aircraft Corporation;
United Engine Corporation; and
United Instrument Manufacturing Corporation.
Source: Trump administration publishes list of Chinese, Russian companies with alleged military ties
_________________
Author of Practical Preparations for a Coronavirus Pandemic.
A very unique plan. As Dr. Paul Thompson wrote, "This is the very best paper on the virus I have ever seen."
Russia's use of hacking to advance its geopolitical agenda initially focused mainly on targets in ex-Soviet countries. A 2007 cyberattack in Estonia disabled websites of the government, banks and newspapers. Later attacks in Ukraine and Georgia knocked out power supplies, disrupted media outlets and targeted election infrastructure, officials said.
More recently, Russian state-backed hackers set their sights on the West. In 2014, they penetrated the State Department's unclassified email system and a White House computer server and stole President Barack Obama's unclassified schedule, U.S. officials said. In 2015, they got into the German parliament, according to German officials, in what experts see as the most significant hack in the country's history.
Since its interference in the 2016 U.S. elections, Russia has been accused of attacks on the French elections and the Pyeongchang Winter Olympics and the costly NotPetya malware attacks on corporate networks. This year, Western governments accused Russia of cyber espionage against targets related to coronavirus vaccines. Russia has denied involvement.
As the operations have grown in scope, Russian hackers' technical abilities have improved, experts say. In the 2007 Estonia attack, hackers used a relatively crude tool called "distributed denial-of-service" which knocked websites offline by flooding them with data, and did little to hide their trail, with some of their IP addresses located in Russia.
More recent operations have used new reconnaissance tools and methods to cloak operations, including false flag tactics, to make it appear that another country was responsible.
In 2018, federal officials said that state-sponsored Russian hackers broke into supposedly secure, "air-gapped" or isolated networks owned by U.S. electric utilities. In the SolarWinds hack, intruders stealthily used a routine software update to gain access to hundreds of U.S. government and corporate systems undetected for months.
Source: How Russia's 'info warrior' hackers let Kremlin play geopolitics on the cheap
_________________
Author of Practical Preparations for a Coronavirus Pandemic.
A very unique plan. As Dr. Paul Thompson wrote, "This is the very best paper on the virus I have ever seen."