Big Russian hack used a technique experts had warned about for years. Why wasn't the U.S. government ready?
Craig Timberg, The Washington Post
Feb. 9, 2021
WASHINGTON - The disastrous Russian hack of federal government networks last year relied on a powerful new trick: Digital spies penetrated so deeply they were able to impersonate any user they wanted. It was the computer network equivalent of sneaking into the State Department and printing perfectly forged U.S. passports.
Cybersecurity researchers had warned for years that such an attack was possible. Those from one firm, FireEye, even released hacking tools in 2019 showing exactly how to do it - in hopes the revelation would spur the widespread deployment of better defenses.
Microsoft today released a pair of cumulative updates for older versions of Windows 10, including versions 1909 and 1809. As you'd expect for a mid-stream update, these are optional.
Malwarebytes has confirmed that the SolarWinds attackers managed to access some of its internal emails, although via a different intrusion vector from the one used against many other victims.
While many of the organizations caught up in the suspected Russian cyber-espionage campaign were compromised via a malicious SolarWinds Orion update, the US Cybersecurity and Infrastructure Security Agency (CISA) had previously pointed to a second threat vector. This involved the use of password guessing or spraying and/or the exploitation of inappropriately secured admin or service credentials.
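The password-spraying vector CISA points to has a recognisable shape in sign-in logs: one source fails against many different accounts while trying each account only once or twice, which is the opposite of a classic brute force that hammers a single account. The detector below is an added example written for this page; it is not code from CISA, Malwarebytes or any vendor named here. The log layout (timestamp, source IP, account, outcome), the thresholds and the sample events are all assumptions constructed for illustration; a real identity provider's sign-in log carries different field names.

```python
"""Password-spray detector over sign-in logs.

Added example, not code from the article, CISA or any named vendor: it
illustrates the "password spraying" vector CISA described.  The log layout
(timestamp, source IP, account, outcome), the thresholds and the sample
events are all assumptions constructed for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data).  One source tries each of many
# accounts once (a spray) and gets one hit; a second source hammers a single
# account (brute force, a different pattern); a third is a normal user.
SAMPLE_LOG = """\
2020-12-10T02:00:01Z 203.0.113.7 alice FAILURE
2020-12-10T02:00:04Z 203.0.113.7 bob FAILURE
2020-12-10T02:00:07Z 203.0.113.7 carol FAILURE
2020-12-10T02:00:10Z 203.0.113.7 dave FAILURE
2020-12-10T02:00:13Z 203.0.113.7 erin FAILURE
2020-12-10T02:00:16Z 203.0.113.7 frank SUCCESS
2020-12-10T02:00:19Z 203.0.113.7 grace FAILURE
2020-12-10T02:01:00Z 198.51.100.9 carol FAILURE
2020-12-10T02:01:05Z 198.51.100.9 carol FAILURE
2020-12-10T02:01:10Z 198.51.100.9 carol FAILURE
2020-12-10T02:01:15Z 198.51.100.9 carol FAILURE
2020-12-10T02:01:20Z 198.51.100.9 carol FAILURE
2020-12-10T02:01:25Z 198.51.100.9 carol FAILURE
2020-12-10T02:01:30Z 198.51.100.9 carol FAILURE
2020-12-10T02:01:35Z 198.51.100.9 carol FAILURE
2020-12-10T03:15:00Z 192.0.2.5 alice SUCCESS
2020-12-10T03:20:00Z 192.0.2.5 alice FAILURE
2020-12-10T03:20:30Z 192.0.2.5 alice SUCCESS
"""


def parse_log(text):
    """Return (timestamp, ip, user, outcome) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, outcome = line.split()
        stamp = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append((stamp, ip, user, outcome))
    return sorted(events)


def detect_spraying(events, window=timedelta(minutes=30), min_users=5, max_per_user=3):
    """Flag sources that, within `window`, fail against at least `min_users`
    distinct accounts while trying each of them no more than `max_per_user`
    times (breadth, not depth, is the spray signature).

    Returns {ip: {"sprayed_users": [...], "successes": [...]}}, where
    "successes" lists accounts the flagged source logged into during a
    flagged window, i.e. candidates for compromised credentials.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        sprayed, successes = set(), set()
        start = 0
        for end in range(len(evs)):
            # Slide the window so it spans at most `window` of time.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            failures = defaultdict(int)
            for _, _, user, outcome in win:
                if outcome == "FAILURE":
                    failures[user] += 1
            low_and_wide = {u for u, n in failures.items() if n <= max_per_user}
            if len(low_and_wide) >= min_users:
                sprayed |= low_and_wide
                successes |= {u for _, _, u, o in win if o == "SUCCESS"}
        if sprayed:
            findings[ip] = {"sprayed_users": sorted(sprayed),
                            "successes": sorted(successes)}
    return findings


if __name__ == "__main__":
    for ip, f in detect_spraying(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: sprayed {len(f['sprayed_users'])} accounts; "
              f"successful logins: {f['successes'] or 'none'}")
```

On the constructed sample only 203.0.113.7 is reported: it failed once each against six accounts and then logged in as a seventh. The source that failed eight times against a single account is deliberately left out, since that is brute force rather than spraying and usually gets caught by per-account lockout instead; the thresholds are a starting point to tune against a tenant's own baseline.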
The security vendor said attackers abused applications with privileged access to Microsoft Office 365 and Azure environments.
“We received information from the Microsoft Security Response Center on December 15 about suspicious activity from a third-party application in our Microsoft Office 365 tenant consistent with the tactics, techniques and procedures (TTPs) of the same advanced threat actor involved in the SolarWinds attacks,” the vendor explained.
One of the most chilling aspects of Russia's recent hacking spree, which breached numerous United States government agencies among other targets, was the successful use of a "supply chain attack" to gain tens of thousands of potential targets from a single compromise at the IT services firm SolarWinds. But this wasn't the only striking feature of the assault. After that initial foothold, the attackers bored deeper into their victims' networks with simple and elegant strategies. Now researchers are bracing for a surge in those techniques from other attackers.
The SolarWinds hackers used their access in many cases to infiltrate their victims' Microsoft 365 email services and Microsoft Azure cloud infrastructure, both treasure troves of potentially sensitive and valuable data. The challenge of preventing these types of intrusions into Microsoft 365 and Azure is that they don't depend on specific vulnerabilities that