Microsoft recently reported that it had discovered a new cyberattack by the same group that carried out the SolarWinds attack late last year. The U.S. government has attributed that group to the SVR, Russia's foreign intelligence service; Microsoft tracks it under the name Nobelium.
The SolarWinds attack stemmed from a trojanized update to SolarWinds' Orion network-management software. The attackers used it to steal information, manipulate IT systems and plant backdoors that could allow further network and computer access in the future. The breach affected computer networks at the State, Commerce and Treasury Departments, the Department of Homeland Security and the National Institutes of Health, all agencies of the U.S. government. SolarWinds estimated that as many as 18,000 customers, including unclassified government networks and 425 of the Fortune 500 companies, could have unknowingly installed the malicious update at the time.
Former Homeland Security Adviser Tom Bossert wrote of the SolarWinds attack in December 2020: "The remediation effort alone will be staggering. It will require the segregated replacement of entire enclaves of computers, network hardware and servers across vast federal and corporate networks." He went on: "Somehow, the nation's sensitive networks have to remain operational despite unknown levels of Russian access and control. A 'do over' is mandatory and entire new networks need to be built — and isolated from compromised networks. Cyber threat hunters that are stealthier than the Russians must be unleashed on these networks to look for the hidden, persistent access controls. These information security professionals actively search for, isolate and remove advanced, malicious code that evades automated safeguards. This will be difficult work as the Russians will be watching every move on the inside."
State Department in the Cyber Crosshairs
And watching they were! In this latest attack the perpetrators gained control of a mass-mailing account used by the United States Agency for International Development (USAID), the foreign aid agency that operates under the State Department's foreign-policy guidance. That foothold gave them a trusted channel into dozens of organizations based in the U.S. and around the world, including human rights groups and known critics of President Vladimir Putin and his Russian government.
Microsoft reported that Nobelium gained access to USAID's account with the email marketing service Constant Contact. From there the group sent phishing emails to roughly 3,000 individual accounts at more than 150 government agencies, think tanks and other non-governmental organizations (NGOs). The authentic-looking messages, which appeared to come from USAID, contained a link that, when clicked, delivered malware to the victim's computer. That gave the attackers capabilities ranging from stealing data to moving on to other computers and other networks.
The primary goal of the attack seems to have been to gather intelligence on organizations involved in foreign policy. A secondary goal appears to have been to undermine and erode trust in our technology ecosystems.
Microsoft believes many of the emails were blocked by automated antivirus and spam filtering, which limited the damage from the campaign. But this latest phishing attack is one more example of why we must keep improving our cybersecurity technology and defenses in the ongoing effort to reduce such attacks. As these attacks keep happening, and it looks like they will, we have a long way to go to gain the upper hand in this global cat-and-mouse game of cybersecurity.