Microsoft officials say hackers connected to Russia’s foreign intelligence service, the SVR, appear to have carried out another supply-chain attack, this time against a company whose compromise allowed intruders to enter the computer networks of a number of human rights groups and think tanks.
Microsoft said it discovered the breach this week and believes it started when hackers broke into an email marketing company called Constant Contact, whose customers include the U.S. Agency for International Development (USAID).
Once they broke in, the hackers sent emails that appeared to come from USAID. These emails contained links, and when recipients clicked on them, they quietly loaded malware onto their systems, giving the hackers full access and even letting them install more malware for later use.
Tom Burt, corporate vice president of Customer Security and Trust at Microsoft, told NPR in an interview that the hackers appeared to be gathering information as they went along, customizing their malware packages for each target. “Before the malware is installed,” he said, “they’re doing safe things to help them perceive the environment in which they’ll review to install the malware, so they can decide the right malware package.”
The reason this matters is that it is another indication that a nation-state actor is involved. As a general rule, ordinary cybercriminals do not target such organizations and do not tailor their malware in this way. Microsoft said about 150 organizations may have been affected by the hack, with some 3,000 compromised accounts possible, though it believes the final number will likely end up much lower than that.
The latest attack follows the discovery earlier this year of a sweeping supply-chain hack against a Texas software company called SolarWinds. In that case, SVR hackers are believed to have infiltrated the company’s development environment and swapped their own version of a software update for the one produced by SolarWinds.
Through that update, they are believed to have compromised a number of U.S. corporations and a handful of government agencies, including the Treasury Department, Homeland Security, and even the Pentagon.
The Biden administration responded to the breach by imposing further sanctions on Russia and expelling some of its diplomats. President Biden warned Moscow not to engage in such supply-chain attacks, but that does not appear to have deterred them. Burt said he was convinced that Russia was behind the most recent breach and that it could reasonably be said to be the same organization that attacked SolarWinds.
“We can be convinced of our conclusion that this is an organization operating from Russia,” Burt told NPR. “The agreement with the SVR comes from the techniques we see they employ and the types of targets they target. So it’s a set of circumstantial evidence, you could say, that goes in a coherent direction.”
The SolarWinds group is known as APT29, or Cozy Bear. Burt said his team had noticed many hacking techniques that overlapped with those Cozy Bear had used in the past, but he stopped short of saying unequivocally that they were the same group, suggesting instead that a subset of the organization carried out the most recent attack.
What SolarWinds and the latest breach have in common, apart from the Russian connection, is that both are supply-chain attacks. The hackers did not directly target the corporations or institutions they were interested in; instead they targeted their suppliers, finding another company in the supply chain, such as a software vendor, and hacking that company instead.
The big question now is how the Biden administration will respond. President Biden has scheduled a summit with Russian President Vladimir Putin in less than 3 weeks. White House officials told reporters that the meeting is proceeding as planned.
Editor’s Note: Microsoft and Constant Contact are monetary sponsors of NPR.