Hackers in SolarWinds breach stole data on U.S. sanctions policy, intelligence probes -sources

World49 minutes ago (Oct 07, 2021 03:06PM ET)

(C) Reuters. FILE PHOTO: The SolarWinds logo is seen outside its headquarters in Austin, Texas, U.S., December 18, 2020. REUTERS/Sergio Flores/File Photo

By Joseph Menn and Christopher Bing

SAN FRANCISCO (Reuters) -The suspected Russian hackers who used SolarWinds and Microsoft (NASDAQ:MSFT) software to burrow into U.S. federal agencies emerged with information about counter-intelligence investigations, policy on sanctioning Russian individuals and the country’s response to COVID-19, people involved in the investigation told Reuters.

The hacks were widely publicized after their discovery late last year, and American officials have blamed Russia’s SVR foreign intelligence service, which denies the activity. But little has been disclosed about the spies’ aims and successes.

The reluctance of some publicly traded companies to explain their exposure has prompted a broad Securities and Exchange Commission inquiry https://www.reuters.com/technology/exclusive-wide-ranging-solarwinds-probe-sparks-fear-corporate-america-2021-09-10.

The campaign alarmed officials with its stealth and careful staging. The hackers burrowed into the code production process at SolarWinds, which makes widely used software for managing networks.

The group also took advantage of weaknesses in Microsoft’s methods for identifying users in Office 365, breaching some targets that used Microsoft software but not SolarWinds.

It has been previously reported that the hackers breached unclassified Justice Department networks and read emails at the departments of treasury, commerce and homeland security. Nine federal agencies were breached. The hackers also stole digital certificates used to convince computers that software is authorized to run on them and source code from Microsoft https://www.reuters.com/business/solarwinds-hackers-studied-microsoft-source-code-authentication-email-2021-02-18 and other tech companies.

One of the people involved said that the exposure of counter-intelligence matters being pursued against Russia was the worst of the losses.

A spokesperson for the Justice Department did not respond to a request for comment.

A White House official said that President Joe Biden has issued orders improving federal agency security, among other things requiring more multifactor-authentication and more monitoring of workplace devices.

In an annual threat-review paper released on Thursday https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi, Microsoft said the Russian spies were ultimately looking for government material on sanctions and other Russia-related policies, along with U.S. methods for catching Russian hackers.

Cristin Goodwin, general manager of Microsoft’s Digital Security Unit, said the company drew its conclusions from the types of customers and accounts it saw being targeted. In such cases, she told Reuters, “You can infer the operational aims from that.”

Others who worked on the government’s investigation went further, saying they could see the terms that the Russians used in their searches of U.S. digital files, including “sanctions.”

Chris Krebs, the former head of U.S. cyber-defense agency CISA and now an adviser to SolarWinds and other companies, said the combined descriptions of the attackers’ goals were logical.

“If I’m a threat actor in an environment, I’ve got a clear set of objectives. First, I want to get valuable intelligence on government decision-making. Sanctions policy makes a ton of sense,” Krebs said.

The second thing is to learn how the target responds to attacks, or “counter-incident response,” he said: “I want to know what they know about me so I can improve my tradecraft and avoid detection.”

Hackers in SolarWinds breach stole data on U.S. sanctions policy, intelligence probes -sources

Similar Articles

Most Popular

Japan’s Princess Mako celebrates 30th birthday ahead of marriage

World1 hour ago (Oct 22, 2021 10:41PM ET) 4/4 (C) Reuters. Japan's Princess Mako, the eldest daughter of Crown Prince Akishino and Crown Princess Kiko, strolls...

Japan’s Princess Mako celebrates 30th birthday ahead of marriage

World1 hour ago (Oct 22, 2021 10:41PM ET) 4/4 (C) Reuters. Japan's Princess Mako, the eldest daughter of Crown Prince Akishino and Crown Princess Kiko, strolls...

Prop gun in Alec Baldwin accidental movie set shooting had live rounds, police say

2/2 (C) Reuters. A view of the entrance to Bonanza Creek Ranch where Hollywood actor Alec Baldwin fatally shot a cinematographer and wounded a director...

Subscribe here