Tech

Microsoft: SolarWinds hackers continue to attack tech companies

Russia-linked hackers behind last year’s US government and numerous private sector compromises

SolarWinds Ltd

SWI 0.43%

Cybersecurity experts say they have intensified their attacks in recent months and broke into tech companies to steal sensitive information.

In a campaign dating back to May of this year, hackers are targeting more than 140 technology companies, including those that manage or resell cloud computing services.

Microsoft Ltd

MSFT -0.51%

According to Microsoft, the attack was successful at 14 of these tech companies, involving unsophisticated techniques such as phishing and guessing user passwords in the hope of accessing the system.

According to a blog post, Tom Bart, Corporate Vice President of Customer Security and Trust at Microsoft, said: It was provided prior to the announcement by Microsoft on Monday.

According to security experts, last year’s SolarWinds incident showed that a breach on one of the most widely used links in the tech supply chain could be the starting point for further attacks. After government officials have returned it to the Russian Foreign Intelligence Service, April Biden administration Punished Moscow with an attack Suspected of other malicious cyber activities with economic sanctions and diplomatic expulsion.

It doesn’t seem to discourage hackers. Microsoft says it has observed 22,868 groups associated with SolarWinds attacks targeting 609 companies between July 1st and October 19th this year. According to Bert, this is more than Microsoft has observed from all hackers linked to the government in the last three years.

The invasion of SolarWinds, undiscovered for over a year, was part of a hacking campaign that gave intruders a foothold. At least 9 federal agencies and 100 private companies..Microsoft itself and cybersecurity companies

FireEye

It was jeopardized during the incident.

However, not all intrusions are related to SolarWinds software. Government officials say 30% of the victims did not use SolarWinds products.

This hack is considered one of the worst intelligence obstacles in the United States in years. Moscow denied involvement. A representative of the Russian embassy in Washington did not immediately respond to the message asking for comment.

The latest disclosure of Russia’s alleged activity is an ongoing bilateral meeting aimed at addressing the excess of ransomware attacks from Russian cybercriminals against important US infrastructure and business by the Biden administration. Comes when trying to reduce Moscow’s cyber attacks through a variety of means, including. Authorities have expressed different views on whether Moscow has cracked down on these criminal groups in response to US pressure.

U.S. government officials briefed on Microsoft’s findings said recent intrusion attempts appear to be primarily routine hacking handicrafts from Russia.

“Based on the details of Microsoft’s blog, the activity described is the operation of a factory for the purpose of unsophisticated password spraying, phishing and surveillance, which is being attempted daily by Russia and other foreign governments.” Said the US government. The official said.

Stakeholders mentioned an account feature that required a code sent to a phone or other device to verify login, saying, “If the cloud service provider implements baseline cybersecurity practices, including multi-factor authentication. , I was able to prevent intrusion attempts. “

Network management software seller SolarWinds remains unaware of how it was initially compromised, but corporate executives and investigators said the first entry point was Microsoft’s observations of this recent activity. He states that it may have been the same type of unsophisticated technology.

Supply chain cybersecurity has attracted unprecedented interest in Washington over the past few months, partly due to the devastating and widespread consequences of SolarWinds breaches. Last week, the U.S. House of Representatives passed bill 412-2, and the Department of Homeland Security will issue guidance to federal contractors to submit software details in their supply chains, including the origin of the technology, to DHS. I asked. review.

Parliamentary action follows an executive order signed by President Biden in May. This was also shaped by a SolarWinds breach and created a baseline cybersecurity standard for US agencies and their software contractors, including obligations to use multi-factor authentication and data encryption.

“The SolarWinds incident was a turning point for our country,” Director of the National Security Agency and US Cyber ​​Command General Paul Nakasone said at a meeting earlier this month, “It was a serious invasion by foreign enemies. I’m trying to harm the country. “

Write in Robert McMillan Robert.Mcmillan@wsj.com And in Dustin Voltz dustin.volz@wsj.com

Copyright © 2021 DowJones & Company, Inc. all rights reserved. 87990cbe856818d5eddac44c7b1cdeb8

Microsoft: SolarWinds hackers continue to attack tech companies

Source link Microsoft: SolarWinds hackers continue to attack tech companies

Back to top button