A new Russian cyberattack has put thousands of computers belonging to US companies and official organizations in check, Microsoft revealed this Monday in an entry published on the company’s blog. It is, according to Tom Burt, its vice president for security affairs, a campaign by “the Russian Nobelium agency”. It is the same group of hackers “that was behind the SolarWinds incident in [the spring of] 2020, and which the United States Government and others have identified as part of the SVR [the Russian Foreign Intelligence Service]”.
The offensive comes seven months after President Joe Biden announced sanctions on Moscow in April for its responsibility in several episodes of this type, and just two weeks after he organized a meeting with 30 countries and the European Union to discuss cybersecurity issues, to which Russia was not invited. The absence was due to the fact that, as explained by a senior White House official, there are bilateral forums in which these issues are being discussed “in a frank and direct manner”. Judging by the latest news, frankness is not paying off.
The attack falls into the category of espionage (in search of industrial or pharmaceutical secrets) and not into that of sabotage, a pattern that has been repeated in several of the most notorious campaigns of the last two years, which have caused millions in losses to US companies and have affected supplies of oil or meat. In these types of operations, hackers use ransomware, malicious software that hijacks a computer system and encrypts data until a ransom is paid, usually in cryptocurrency.
Sanctions on Moscow
Washington imposed tough sanctions on Russia on April 15 for, among other reasons, interfering in the 2020 US presidential elections. Biden said at the time that he informed his Russian counterpart in a “respectful and sincere” telephone conversation. “I have been clear with President [Vladimir] Putin. The United States could have gone further, but we have decided not to. But if Russia takes another step in its interference, we are prepared to respond.” Moscow responded with a threat of forceful measures.
The main target of the latest cyberattack is the technology supply chain: the companies that adapt Microsoft’s cloud data storage services so that they can be used by end customers, whether they are commercial companies or academic organizations. In the jargon they are known as “resellers.” And that is one of the weakest points of the system. While there are institutions like the CIA that rely on companies like Amazon for that type of maintenance of their data, when that technology is outsourced, security can be seriously affected.
According to the experts participating in an annual cybersecurity forum held these days on Sea Island, in the State of Georgia, cited by The New York Times, the hackers, who have worked from a large database of stolen passwords, have used “unsophisticated and easily preventable” techniques this time.
The US authorities already implicated the SVR in espionage operations against the networks of the Democratic National Committee, the party’s governing body, in the 2016 elections, in which Donald Trump was elected. In the SolarWinds case, they managed to alter the software of thousands of computers, exposing data from 18,000 users. This time the number of affected terminals has been smaller. The SVR hackers then introduced their sentries through software used by dozens of institutions, including the Treasury Department. It was enough for a user to routinely update this service, provided by the Texas company SolarWinds, for the system to be infected with virtual spies. The Kremlin has repeatedly denied involvement in these attacks, while US authorities have been skeptical of Moscow’s willingness to stop them.
“We began to observe this latest campaign in May 2021 and we have informed those affected, while we have provided them with assistance,” the company’s senior executive, Tom Burt, writes in the aforementioned statement. “We continue to investigate, but to date we believe that up to 14 of these resellers and service providers have been compromised. Fortunately, we discovered this campaign during its early stages (…). These attacks are part of a larger action. Between July 1 and October 19, we informed 609 clients that they had been attacked 22,868 times by Nobelium, with a low success rate.”
Burt interprets that “this recent activity is another indicator that Russia is trying to gain systematic and long-term access to the technology supply chain in order to monitor, now or in the future, targets of interest” to the Kremlin. Microsoft promises that it will continue to work “with the private sector, with the United States Administration, and with all other governments interested in combating” these threats.