Russian government spies are behind a broad hacking campaign that has breached 
U.S. agencies and a top cyber firm

Ellen Nakashima

https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html

The Russian government hackers who breached a top cybersecurity firm are behind 
a global espionage campaign that also compromised the Treasury and Commerce 
departments and other U.S. government agencies, according to people familiar 
with the matter.

The FBI is investigating the campaign by a hacking group working for the 
Russian foreign intelligence service, SVR. The breaches have been taking place 
for months and may amount to an operation as long-running and significant as 
one that occurred in 2014-2015.

The group, known among private-sector security firms as APT29 or Cozy Bear, 
also hacked the State Department and the White House during the Obama 
administration.

All of the organizations were breached through a network management system 
called SolarWinds, according to three people familiar with the matter, who 
spoke on condition of anonymity because of the issue’s sensitivity. SolarWinds 
could not immediately be reached for comment.

It is not clear what information was accessed from the government agencies.

Reuters first reported the hacks of the Treasury and Commerce agencies Sunday, 
saying they were carried out by a foreign government-backed group. The SVR link 
to the broader campaign is previously unreported.

The matter was so serious it prompted an emergency National Security Council 
meeting on Saturday, Reuters reported.

“The United States government is aware of these reports and we are taking all 
necessary steps to identify and remedy any possible issues related to this 
situation,” said NSC spokesman John Ullyot. He would not comment on the country 
or group responsible.

APT29 has also been linked to attempts to steal coronavirus vaccine research.

The Washington Post reported last week that the Russian hacking group, APT29, 
breached the cybersecurity firm, FireEye, according to three people familiar 
with the matter.

At Commerce, the Russians targeted the National Telecommunications and 
Information Administration, an agency that handles internet and 
telecommunications policy, Reuters reported.

The campaign is said to be quite broad, encompassing an array of targets, 
including government agencies in the United States and other countries. It has 
been running for months, one person said.

In 2015, the same group compromised the servers of the Democratic National 
Committee. But unlike a rival Russian spy agency, which also hacked the DNC, it 
did not leak stolen material. In 2016, the GRU military spy agency leaked 
hacked emails to the online anti-secrecy organization WikiLeaks in an operation 
that disrupted the Democrats’ national convention in the midst of the 
presidential campaign.

The SVR, by contrast, hacks for traditional espionage purposes, stealing 
information that might help the Kremlin understand the plans and motives of 
politicians and policymakers. Its operators also have filched industrial 
secrets, hacked foreign ministries and gone after coronavirus vaccine data.
_______________________________________________
Infowarrior mailing list
Infowarrior@attrition.org
https://attrition.org/mailman/listinfo/infowarrior
