“What we’re looking at now is not just an attack that is ongoing, that is not just highly sophisticated, but also we cannot trust the supply chain. We can no longer trust that any third-party application in these systems has not been compromised by Russia,” says NYT’s Nicole Perlroth.
As the U.S. government works to contain a sprawling hacking campaign that relies on software in technology from SolarWinds, a federal contractor, technology firms are disabling some of the hackers’ key infrastructure.
Cybersecurity giant FireEye on Wednesday said that it had worked with Microsoft and the domain registrar GoDaddy to take over one of the domains that attackers had used to send malicious code to victim machines. The move is no panacea for stopping the suspected state-sponsored hacking campaign, though it could help stem the tide of victims, which reportedly includes the departments of Treasury and Homeland Security.
The seized domain, known as a “killswitch,” will “affect new and previous” infections of the malicious code coming from that particular domain, FireEye said in a statement that was first reported by independent journalist Brian Krebs. “Depending on the IP address returned when the malware resolves avsvmcloud[.]com, under certain conditions, the malware would terminate itself and prevent further execution.”
Ransomware attackers using evolved SystemBC malware with a Tor proxy and remote control tool.
“Now witness the firepower of this fully armed and operational Battle Station.” – Emperor Palpatine, Return of the Jedi
This week Microsoft took a series of dramatic steps against the recent SolarWinds supply chain attack. In the size, speed and scope of its actions, Microsoft has reminded the world that it can still muster firepower like no one else as a nearly-overwhelming force for good.
Through four steps over four days, Microsoft flexed the muscle of its legal team and its control of the Windows operating system to nearly obliterate the actions of some of the most sophisticated offensive hackers out there. In this case, the adversary is believed to be APT29, aka Cozy Bear, the group many believe to be associated with Russian intelligence, and best known for carrying out the 2016 hack against the Democratic National Committee (DNC).
FBI says ransomware group has been calling victims, threatening to send individuals to their homes if they don’t pay the ransom.
The widespread and monthslong hack of the U.S. government and some of America’s biggest corporations was enabled by an unlikely source: a little-known Austin, Texas, software company called SolarWinds Corp. that until this week was a household name only to computer network administrators.
Security investigators say the company that boasts more than 400 of the Fortune 500 corporations and many government agencies as clients provided the perfect delivery mechanism for a carefully executed intrusion attributed to Russia’s foreign-intelligence service.
SolarWinds provides the tools many companies use to manage their computer networks. That’s what made the hack of U.S. government agencies and some of America’s biggest corporations so pernicious.
The US government has confirmed that a massive hack had occurred in at least two federal departments, including the US Treasury and the Department of Commerce.
Hackers were able to monitor internal emails at US federal departments, including the Treasury, for months. There is concern officials have only scratched the surface of understanding the hack’s effects.
By seizing the domain, Microsoft and its partners hope to identify all victims, but are also preventing attackers from escalating intrusions in currently infected networks.
The U.S. government Agencies and cybersecurity firm FireEye were hacked using SolarWinds software supply chain attack.
New research shows millions of devices are vulnerable to vulnerable, but there are ways to protect yourself.
