  1. #26
    Thailand Expat Backspin's Avatar
    in 2018

    https://www.politico.com/magazine/st...-harbor-219015

    in 2020

    https://www.dailymail.co.uk/news/article-9069351/Congressman-compares-Russian-hack-government-Pearl-Harbor.html

  2. #27
    En route
    Cujo's Avatar
    So you're saying the hacks are getting more serious.

  3. #28
    In Uranus
    bsnub's Avatar
    Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach


    “Now witness the firepower of this fully armed and operational Battle Station.” – Emperor Palpatine, Return of the Jedi

    Analysis: This week Microsoft took a series of dramatic steps against the recent SolarWinds supply chain attack. In the size, speed and scope of its actions, Microsoft has reminded the world that it can still muster firepower like no one else as a nearly-overwhelming force for good.

    Through four steps over four days, Microsoft flexed the muscle of its legal team and its control of the Windows operating system to nearly obliterate the actions of some of the most sophisticated offensive hackers out there. In this case, the adversary is believed to be APT29, aka Cozy Bear, the group many believe to be associated with Russian intelligence, and best known for carrying out the 2016 hack against the Democratic National Committee (DNC).

    While details are continuing to emerge, the SolarWinds supply chain attack is already the most significant attack in recent memory. According to SolarWinds, Microsoft, FireEye, and the Cybersecurity and Infrastructure Security Agency (CISA) the attackers compromised a server used to build updates for the SolarWinds Orion Platform, a product used for IT infrastructure management. The attackers used this compromised build server to insert backdoor malware into the product (called Solorigate by Microsoft or SUNBURST by FireEye).

    According to SolarWinds, this malware was present as a Trojan horse in updates from March through June 2020. This means any customers who downloaded the Trojaned updates also got the malware. While not all customers who got the malware have seen it used for attacks, it has been leveraged for broader attacks against the networks of some strategically critical and sensitive organizations.

    Those attacked include FireEye, the US Treasury Department, the US Department of Commerce’s National Telecommunications and Information Administration (NTIA), the Department of Health’s National Institutes of Health (NIH), the Cybersecurity and Infrastructure Agency (CISA), the Department of Homeland Security (DHS), and the US Department of State.

    Everyone who has worked on this case directly has spoken to the sophisticated nature of the attack. The breadth, strategic importance and security expertise of the victims bear this out. While nearly every attack is called “sophisticated” by victims who try and shield themselves from criticism, the security community is nearly unanimous in its verdict that the term is merited in this case.

    The speed, scope and scale of Microsoft’s response were unprecedented. Specifically, Microsoft did four things over the course of four days that effectively undid the work of the attackers.

    1) On Dec. 13, the day this became public, Microsoft announced that it removed the digital certificates that the Trojaned files used. These digital certificates allowed Microsoft Windows systems to believe that those compromised files were trustworthy. In this single act, Microsoft literally overnight told all Windows systems to stop trusting those compromised files which could stop them from being used.

    2) That same day, Microsoft announced that it was updating Microsoft Windows Defender, the antimalware capability built into Windows, to detect and alert if it found the Trojaned file on the system.

    3) Next, on Tuesday, Dec. 15, Microsoft and others moved to “sinkhole” one of the domains that the malware uses for command and control (C2): avsvmcloud[.]com. Sinkholing is a legal and technical tactic to deprive attackers of control over malware. In sinkholing, an organization like Microsoft goes to court to wrest control of a domain being used for malicious purposes away from its current holder, the attacker.

    When successful, the organization can then use its ownership of that domain to sever the attacker’s control over the malware and the systems the malware controls. Sinkholed domains can also be used to help identify compromised systems: when the malware reaches out to the sinkholed domain for instructions, the new owners can identify those systems and attempt to locate and warn the owners. Sinkholing is a tactic that was first used in big attacks in the 2008-2009 battle against Conficker and has been a standard tactic in Microsoft’s toolkit for years, including most recently against TrickBot.

    4) Finally, today, Wednesday, Dec. 16, Microsoft basically changed its phasers from “stun” to “kill” by changing Windows Defender’s default action for Solorigate from “Alert” to “Quarantine,” a drastic action that could cause systems to crash but will effectively kill the malware when it finds it. This action is important, too, because it gives other security companies license now to follow suit with this drastic step: Microsoft’s size and leadership of its platform give cover to other security companies that they wouldn’t otherwise have.

    Taken together, these steps amount to Microsoft first neutralizing and then killing the malware while wresting control over the malware’s infrastructure from the attackers. By the end of this week, the attackers will be left with barely a fraction of the systems under their control.

    They may still have access to compromised networks through other means: that’s what incident responders are likely working on now. And there’s no undoing whatever they did while the infiltration went unnoticed for months. But still, these actions together come as close to obliterating an attack as we’ve seen, which is all the more notable because of the likely attackers.

    In the end, this all reminds us how much power Microsoft has at its disposal. Between its control of the Windows operating system, its robust legal team, and its position in the industry, it has the power to change the world nearly overnight if it wants to. And when it chooses to train that power on an adversary, it really is the equivalent of the Death Star: able to completely destroy a planet in a single blast.

    Fortunately these days, Microsoft is sparing in its use of its power. But as I’ve noted before, we should never mistake Microsoft’s gentleness for weakness.

    And anyway, what’s the point in having a Death Star if you don’t get to use it (for good) sometimes?

    https://www.geekwire.com/2020/micros...sponse-breach/
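
The identification step the quoted article describes for sinkholed domains has a local counterpart: searching your own resolver logs for clients that queried the C2 domain. This is an added example, not part of the article or of any post in this thread; the log format, client addresses and subdomain labels are constructed for illustration.

```python
from collections import defaultdict


def normalize(name):
    """Lower-case, undo [.] defanging, and drop the trailing root dot."""
    return name.replace("[.]", ".").lower().rstrip(".")


# Indicator copied as the article writes it (defanged), then normalized.
WATCHED_ZONE = normalize("avsvmcloud[.]com")

# Constructed sample log, assumed format: "<timestamp> <client_ip> <qname> <qtype>".
SAMPLE_LOG = """\
2020-12-14T09:01:12Z 10.0.4.17 host-a.example.avsvmcloud.com. A
2020-12-14T09:01:40Z 10.0.4.22 www.example.org. A
2020-12-14T09:03:05Z 10.0.4.17 HOST-B.Example.AVSVMCLOUD.COM CNAME
2020-12-14T09:04:51Z 10.0.9.3 notavsvmcloud.com. A
2020-12-14T09:05:10Z 10.0.9.3 avsvmcloud.com.example.net. A
2020-12-14T09:06:33Z 10.0.7.8 avsvmcloud.com. A
2020-12-14T09:07:00Z 10.0.7.9
"""


def in_zone(qname, zone=WATCHED_ZONE):
    """True only for the zone itself or a name ending on a label boundary."""
    name = normalize(qname)
    return name == zone or name.endswith("." + zone)


def affected_clients(log_text, zone=WATCHED_ZONE):
    """Map each client IP to its first-seen time and the watched names it queried."""
    hits = defaultdict(lambda: {"first_seen": None, "names": []})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed or truncated records
        timestamp, client, qname, _qtype = fields
        if not in_zone(qname, zone):
            continue  # lookalikes and unrelated names fall through here
        entry = hits[client]
        # ISO 8601 UTC timestamps of equal length sort correctly as strings.
        if entry["first_seen"] is None or timestamp < entry["first_seen"]:
            entry["first_seen"] = timestamp
        entry["names"].append(normalize(qname))
    return dict(hits)


if __name__ == "__main__":
    for client, info in sorted(affected_clients(SAMPLE_LOG).items()):
        print(client, info["first_seen"], len(info["names"]), "queries")
```

The label-boundary check is what keeps `notavsvmcloud.com` and `avsvmcloud.com.example.net` out of the results; a plain substring match would flag both.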

  4. #29
    Thailand Expat
    panama hat's Avatar
    So . . . Skidmark is defending Russia and more importantly Putin as he is a strongman murderer . . . just like he likes and admires them

    Loondyke is doing his best to . . . - well who cares what the fuckwit is doing

    OhNo hasn't reacted as China hasn't been implicated seriously

  5. #30
    Thailand Expat
    Klondyke's Avatar
    Congressman-compares-Russian-hack-government-Pearl-Harbor
    Wondering why the coherency to Pearl Harbor? Wouldn't be quite better not to remind the ill-fated event?
    There are hundreds of unpalatable documents why such tragedy had to occur...

  6. #31
    Thailand Expat Backspin's Avatar
    Quote Originally Posted by Cujo View Post
    So you're saying the hacks are getting more serious.
    No you utter plonk. The first story was debunked by some Generals.

    And I will bet money that some US officials themselves, will call bullshit on this whole "Russia did it" narrative in the coming months

  7. #32
    Thailand Expat
    aging one's Avatar
    Quote Originally Posted by Backspin View Post
    There is no fucking way in hell Russia did this.
    Of course they would. They did not reckon on being sussed out so quickly and completely. Who do you think it was moron? Bangladesh?

  8. #33
    I'm in Jail

    So they've had an attack since March.

    I'd say Microsoft are a bit late, with their plug.

    Whoever it was has certainly got what they want and more.

  9. #34
    Thailand Expat harrybarracuda's Avatar
    Just a reminder: Attribution is a lengthy process, and requires lots of data, which is now being collected and analyzed. It will take months for anything definitive.

    The attackers set up a VPS and had all the data shipped to it via DNS requests. A company called Infoblox have been trying for years to get me to buy their hideously expensive and shitty "DNS Security" product, and I've always said no: This proves why.

    However, there is no fucking way Pompeo, Baldy orange loser or anyone else can say with any certainty whether it's Vlad or the chinkies.

    What is certain is that they are the two where you can definitely say they have the resources and skills needed to pull off what is in technical terms a most admirable attack.

    I don't think the other two contenders - North Korea and Iran - have the chops for an attack of this complexity.

    If you asked me to put money on it, I'd veer towards the Russians, but not by much.

    Time will tell.

  10. #35
    Thailand Expat harrybarracuda's Avatar
    Quote Originally Posted by Chico View Post
    So they've had an attack since March.

    I'd say Microsoft are a bit late, with their plug.

    Whoever it was has certainly got what they want and more.
    And in fact one expert said something along the same lines: "They've got so much data they probably don't even know what they have yet".

  11. #36
    Thailand Expat harrybarracuda's Avatar
    Quote Originally Posted by Cujo View Post
    So you're saying the hacks are getting more serious.

    Imagine, if you can, what would happen if your nation's electricity and water supplies were cut, and supply chains destroyed.

    How long do you think it would be before it would become a total free for all?

  12. #37
    Thailand Expat
    Klondyke's Avatar
    Quote Originally Posted by harrybarracuda View Post
    other two contenders - North Korea and Iran
    Wondering how these two primitive countries could endanger the most developed country that is equipped with the best defence systems...

  13. #38
    Thailand Expat harrybarracuda's Avatar
    Just fancy that.


    DHS Was Finally Getting Serious About Cybersecurity. Then Came Trump. - POLITICO

  14. #39
    I'm in Jail

    Quote Originally Posted by Klondyke View Post
    Wondering how these two primitive countries could endanger the most developed country that is equipped with the best defence systems..
    Perhaps the US has lost its way, and their systems are extremely vulnerable and outdated.

  15. #40
    Thailand Expat helge's Avatar
    Only country with carte blanche to spy on The USA is ...........?

    Why not ?

    They did it before

  16. #41
    Thailand Expat OhOh's Avatar
    Quote Originally Posted by harrybarracuda View Post
    However, there is no fucking way Pompeo, Baldy orange loser or anyone else can say with any certainty whether it's Vlad or the chinkies.
    Thank you for your replies. All of them, not just the sentence above. A refreshing new stance

    One might add, to your list, all the media who are publishing their opinions as facts.

    As for our bigots here on TD, nothing new in your opinions.
    Last edited by OhOh; 20-12-2020 at 09:16 PM.

  17. #42
    Thailand Expat OhOh's Avatar
    Quote Originally Posted by helge View Post
    They did it before
    Are you under the impression there are only two countries in the world who spy on other countries and utilise all available methods they possess?

  18. #43
    In Uranus
    bsnub's Avatar
    Quote Originally Posted by Chico View Post
    Perhaps the US has lost its way, and their systems are extremely vulnerable and outdated.
    Go back to something you understand nitwit...

    Barney - Theme Song - I Love You Song - YouTube



  19. #44
    I'm in Jail

    Quote Originally Posted by bsnub View Post
    Go back to something you understand nitwit...
    Perhaps you should get used to going down the pan, your defence system is fekked

  20. #45
    Thailand Expat helge's Avatar
    Quote Originally Posted by OhOh View Post
    Are you under the impression there are only two countries in the world who spy on other countries and utilise all available methods they possess?
    No
    That's why you could fill out the blanks yourself

    My first thought was Israel, did it before.

    Who do you think I was referring to ?


    I have no idea who did what

  21. #46
    Thailand Expat harrybarracuda's Avatar
    Quote Originally Posted by OhOh View Post
    Thank you for your replies. All of them, not just the sentence above. A refreshing new stance

    One might add, to your list, all the media who are publishing their opinions as facts.
    They're not, they're publishing what they've been told by two top government officials who are both arseholes.

  22. #47
    Thailand Expat harrybarracuda's Avatar
    Quote Originally Posted by helge View Post
    My first thought was Israel, did it before.
    Yes, I'm sure Israel would jeopardise the billions it gets in financial and military aid from the US, not to mention the de facto protection, by doing this.

    Nah, I was joking. You're a fucking idiot.

  23. #48
    Thailand Expat
    panama hat's Avatar
    Quote Originally Posted by OhOh View Post
    Are you under the impression there are only two countries in the world who spy on other countries and utilise all available methods they possess?
    Careful, you're reaching chico-like levels of idiocy

  24. #49
    Thailand Expat helge's Avatar
    Quote Originally Posted by harrybarracuda View Post
    Yes, I'm sure Israel would jeopardise the billions it gets in financial and military aid from the US, not to mention the de facto protection, by doing this.
    I'm sure that you are the only besserwisser, who has never googled 'israel spying in USA'

    As I wrote: Carte blanche, it means no 'jeopardise',

    fool

  25. #50
    Thailand Expat harrybarracuda's Avatar
    Quote Originally Posted by helge View Post
    I'm sure that you are the only besserwisser, who has never googled 'israel spying in USA'

    As I wrote: Carte blanche, it means no 'jeopardise',

    fool
    Like I said, you're a fucking idiot.
