SAN FRANCISCO, Oct 7 (Businesshala) – Russian hackers suspected of using SolarWinds and Microsoft software to break into US federal agencies emerged with information about a counter-intelligence investigation, a policy of sanctioning Russian individuals and the country’s response, people involved in the investigation told Businesshala.
The hacks were widely publicized after their discovery late last year, and US officials have blamed Russia’s SVR foreign intelligence service, which denies the activity. But little has been disclosed about the spies’ aims and successes.
The reluctance of some publicly traded companies to explain their risk has prompted an extensive Securities and Exchange Commission investigation.
The campaign intrigued the authorities with its stealth and careful staging. Hackers got into the code production process at SolarWinds (SWI.N), which makes widely used software for managing networks.
The group also took advantage of weaknesses in Microsoft’s (MSFT.O) methods for identifying users in Office 365, breaching some targets that used Microsoft software but not SolarWinds.
It has previously been reported that the hackers breached the unclassified Justice Department network and read emails at the Treasury, Commerce and Homeland Security departments. Nine federal agencies were breached. The hackers also stole digital certificates used to convince computers that software is authorized to run on them, as well as source code from Microsoft (MSFT.O) and other tech companies.
One of those involved said the exposure to ongoing counter-intelligence cases against Russia was the worst of the damage.
Spokesmen for the Justice Department and White House did not respond to requests for comment on Wednesday.
In an annual threat-review paper released Thursday, Microsoft said Russian spies were ultimately looking for US methods for catching Russian hackers, as well as government material on sanctions and other Russia-related policies.
Cristin Goodwin, general manager of Microsoft’s digital security unit, said the company drew its findings from the types of customers and accounts being targeted. In such cases, she told Businesshala, “you can infer operational objectives from that.”
Others working on the government’s investigation went further, saying they could see the terms the Russians used in their searches of US digital files, including “sanctions”.
Chris Krebs, former head of the US cyber-defense agency CISA and now an advisor to SolarWinds and other companies, said the combined description of the attackers’ targets was logical.
“If I am a dangerous actor in an environment, I have a clear set of objectives. First, I want to get valuable information on government decision-making. Sanctions policy matters a lot,” Krebs said.
The second is to learn how the target responds to attacks, or “counter-incident response,” he said: “I want to know what they know about me so that I can improve my tradecraft and escape detection.”