Russian government spies are behind a broad hacking campaign that has breached U.S. agencies and a top cyber firm
Ellen Nakashima
https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html

The Russian government hackers who breached a top cybersecurity firm are behind a global espionage campaign that also compromised the Treasury and Commerce departments and other U.S. government agencies, according to people familiar with the matter.

The FBI is investigating the campaign by a hacking group working for the Russian foreign intelligence service, SVR. The breaches have been taking place for months and may amount to an operation as long-running and significant as one that occurred in 2014-2015.

The group, known among private-sector security firms as APT29 or Cozy Bear, also hacked the State Department and the White House during the Obama administration.

All of the organizations were breached through a network management system called SolarWinds, according to three people familiar with the matter, who spoke on condition of anonymity because of the issue’s sensitivity. SolarWinds could not immediately be reached for comment.

It is not clear what information was accessed from the government agencies.

Reuters first reported the hacks of the Treasury and Commerce agencies Sunday, saying they were carried out by a foreign government-backed group. The SVR link to the broader campaign is previously unreported. The matter was so serious it prompted an emergency National Security Council meeting on Saturday, Reuters reported.

“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said NSC spokesman John Ullyot. He would not comment on the country or group responsible.

APT29 has also been linked to attempts to steal coronavirus vaccine research.

The Washington Post reported last week that the Russian hacking group, APT29, breached the cybersecurity firm, FireEye, according to three people familiar with the matter.

At Commerce, the Russians targeted the National Telecommunications and Information Administration, an agency that handles internet and telecommunications policy, Reuters reported.

The campaign is said to be quite broad, encompassing an array of targets, including government agencies in the United States and other countries. It has been running for months, one person said.

In 2015, the same group compromised the servers of the Democratic National Committee. But unlike a rival Russian spy agency, which also hacked the DNC, it did not leak stolen material. In 2016, the GRU military spy agency leaked hacked emails to the online anti-secrecy organization WikiLeaks in an operation that disrupted the Democrats’ national convention in the midst of the presidential campaign.

The SVR, by contrast, hacks for traditional espionage purposes, stealing information that might help the Kremlin understand the plans and motives of politicians and policymakers. Its operators also have filched industrial secrets, hacked foreign ministries and gone after coronavirus vaccine data.

_______________________________________________
Infowarrior mailing list
Infowarrior@attrition.org
https://attrition.org/mailman/listinfo/infowarrior