Date: 2021-10-06



The Russian group has breached several tech companies in previously unreported activity, said Charles Carmakal, senior vice president and chief technical officer of cybersecurity firm Mandiant. The hackers have also used new tools and techniques in some of their operations this year, Carmakal said.

“The group has compromised several government entities, organizations that focus on foreign policy and policy issues and technology providers that provide direct or indirect access to ultimate target organizations in North America and Europe,” Carmakal told CNN. He declined to identify the technology providers.

It is not known what data, if any, the hackers accessed. But the activity is a reminder of the challenge the Biden administration faces as it attempts to blunt the efforts of major U.S. digital adversaries to access sensitive government data.

A US official familiar with the matter told CNN that federal agencies are tracking the latest actions of Russian hackers.

“The issue was raised at recent National Security Council meetings,” said the official, who requested anonymity.

The Russian group is best known for using tampered software made by federal contractor SolarWinds to breach at least nine US agencies, activity that came to light in December 2020. The attackers went undetected for months on the unclassified email networks of the departments of Justice, Homeland Security and others, and it was FireEye, Mandiant’s former parent company, and not a government agency, that discovered the hacking campaign.

In April, the Biden administration attributed the spy campaign to Russia’s foreign intelligence service, the SVR, and criticized Moscow for exposing thousands of SolarWinds customers to malicious code. Moscow has denied any involvement.

Homeland Security Secretary Alejandro Mayorkas said in March that US cybersecurity defenses must be faster to detect future espionage efforts. “Our government was hacked last year and we haven’t known it for months,” Mayorkas said in a speech, referring to the SolarWinds incident.

To that end, DHS’s Cybersecurity and Infrastructure Security Agency (CISA) has pledged to spend a portion of the $650 million it received from the US bailout earlier this year on new security tools to detect such threats. The Biden administration also instituted mandatory security standards for U.S. government contractors. Deputy Attorney General Lisa Monaco said on Wednesday that the Justice Department would use its “civil enforcement tools to prosecute companies – those that are government contractors or receive federal funds – when they fail to comply with cybersecurity standards required.”

Cat and mouse game

For US agencies, trying to detect the Russian agents could be a game of cat and mouse. They are professionals – like those employed by major US and Chinese spy agencies – with a mission to gather intelligence on government targets, analysts say. This means that they develop new hacking tools when others are exposed.

Since April, if not earlier, the Russian group has been using new malware to “remotely exfiltrate sensitive information” from the computer servers of targeted organizations, Microsoft said in a September 27 blog post.

Microsoft declined to comment on where the targeted organizations are located or what industries they are in. But other security experts say they have responded to digital intrusions associated with the large group of hackers that Washington has blamed for the SolarWinds breaches.

“They are constantly active,” Adam Meyers, senior vice president of intelligence at security firm CrowdStrike, said of the Russian group. “I think public reporting is… when we catch them and when we see what they’re up to.”

Last month, CrowdStrike found malicious code in a customer network that Meyers said was likely deployed by Cozy Bear, a Russian group that overlaps with the one tracked by Microsoft. Meyers declined to give details of the incident.

The National Security Agency, FBI, CISA and the Office of the Director of National Intelligence declined to comment for this story.

General Paul Nakasone, who heads the NSA and the US Cyber Command, said on Tuesday that US agencies had worked well with Mandiant to cut short the Russian spy campaign exploiting SolarWinds.

“The SolarWinds incident, I think, was really a turning point for our nation,” Nakasone said at the Mandiant Cyber Defense Summit in Washington. “We were able to expose a significant intrusion from a foreign adversary who was attempting to harm our nation.”

