Russian hackers still target U.S., other foreign organisations: U.S. security agencies

The latest advisory warns organisations that hackers do not seem to back down.

April 29, 2021 10:02 am | Updated May 05, 2021 04:20 pm IST

Russian hackers are still targeting U.S. and foreign entities to gather intelligence for future cyberattacks, U.S. security and intelligence agencies warned.

In a Joint Cybersecurity Advisory, the Federal Bureau of Investigation (FBI), Department of Homeland Security, and CISA noted that Russian Foreign Intelligence Service (SVR) cyber actors primarily target government networks, think tanks, policy analysis organizations, and information technology companies.

U.S. agencies and the U.K.’s National Cyber Security Centre blamed SVR for the SolarWinds supply chain attack that allowed hackers to gain access to thousands of organisations around the world along with many government agencies.

The FBI said that beginning in 2018, the SVR shifted from using malware on victim networks to targeting cloud resources, mainly e-mail, to obtain information. It further said that the exploitation of Microsoft Office 365 environments during the SolarWinds attack reflects this continuing trend.

“Targeting cloud resources probably reduces the likelihood of detection by using compromised accounts or system misconfigurations to blend in with normal or unmonitored traffic in an environment not well defended, monitored, or understood by victim organizations,” the advisory stated.

The latest advisory warns organisations that hackers do not seem to back down. It also provides details of SVR Cyber Operations tactics, techniques, and procedures.

One of the techniques the SVR uses is password spraying, which targets a weak password associated with an administrative account. The threat actors attempted a small number of passwords at infrequent intervals to avoid detection. To defend against this technique, the FBI and DHS recommend the use of multi-factor authentication and strong passwords. They also urged network operators to prohibit remote access to administrative functions and resources from IP addresses and systems not owned by the organization.
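A defender-side illustration of why the low-and-slow pattern described above slips past short burst thresholds, added here and not taken from the article or the advisory: it looks per source address across a multi-day window for failures spread thinly over many accounts. The network ranges, admin account names, thresholds and log events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions (not from the advisory): owned ranges, admin account names, thresholds.
ORG_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("198.51.100.0/24")]
ADMIN_ACCOUNTS = {"admin", "svc-backup", "o365-admin"}

# Constructed sample events: (ISO timestamp, source IP, account, login succeeded)
EVENTS = [
    ("2021-04-01T02:10:00", "203.0.113.7", "alice", False),
    ("2021-04-01T09:40:00", "203.0.113.7", "bob", False),
    ("2021-04-02T03:05:00", "203.0.113.7", "carol", False),
    ("2021-04-03T01:30:00", "203.0.113.7", "admin", False),
    ("2021-04-04T04:15:00", "203.0.113.7", "o365-admin", False),
    ("2021-04-05T02:50:00", "203.0.113.7", "o365-admin", True),
    # One user mistyping a password from an owned address: not a spray.
    ("2021-04-02T08:00:00", "10.1.2.3", "dave", False),
    ("2021-04-02T08:01:00", "10.1.2.3", "dave", False),
    ("2021-04-02T08:02:00", "10.1.2.3", "dave", True),
]

def is_owned(ip):
    return any(ip_address(ip) in net for net in ORG_NETWORKS)

def find_spray_sources(events, window=timedelta(days=7), min_accounts=4, max_per_account=3):
    """Flag sources failing against many accounts, a few tries each, in a long window."""
    by_src = defaultdict(list)
    for ts, src, account, ok in events:
        by_src[src].append((datetime.fromisoformat(ts), account, ok))
    findings = {}
    for src, rows in by_src.items():
        rows.sort()
        # The window ends at this source's most recent event.
        recent = [r for r in rows if rows[-1][0] - r[0] <= window]
        fails = defaultdict(int)
        for _, account, ok in recent:
            if not ok:
                fails[account] += 1
        # Spray shape: wide across accounts, shallow per account.
        if len(fails) < min_accounts or max(fails.values()) > max_per_account:
            continue
        findings[src] = {
            "accounts_tried": sorted(fails),
            "external": not is_owned(src),
            "admin_targets": sorted(ADMIN_ACCOUNTS & set(fails)),
            # Accounts this source both failed against and logged in to.
            "possible_compromise": sorted({a for _, a, ok in recent if ok and a in fails}),
        }
    return findings
```

Shrinking `window` to one day returns nothing for the same events, which is the gap that infrequent attempts exploit.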

Another method used by the hackers is a zero-day exploit against a virtual private network (VPN) appliance to obtain network access. The agencies also warned about WELLMESS, malware written in the Go programming language and used to target COVID-19 vaccine development.

The FBI also noted that the infrastructure used in the intrusions is obtained using false identities and cryptocurrencies. The agencies released the alert so that organizations can conduct investigations and secure their networks. CISA also encouraged users and administrators to implement the recommended mitigations.
