Security News

Another group of state-sponsored hackers has exploited the ubiquity of SolarWinds software to target US government agencies, Reuters reported on Tuesday. Unlike the alleged Russian attackers who inserted malware directly into the company's Orion network monitoring platform by compromising its build environment, another group has simply found and exploited a vulnerability in the software.

State actors can draw upon the skills and resources of their national intelligence communities, while state-sponsored actors, while not actually part of a state organization, can still draw upon the financial and technical assets of their sponsors. Another fundamental difference between "Civilian" and "State" actors is that law-enforcement agencies are better equipped to address threat actors who don't have state backing.

On Tuesday, security firm FireEye revealed that it was hit by a state-sponsored cyberattack through which the attackers stole its Red Team tools, a collection of scripts, scanners, and techniques used to train clients on how to improve their security defenses. The attackers operated clandestinely using tactics that counter security defenses and examination, and ones that Mandia said were not seen by FireEye or its partners before.

U.S. cybersecurity company FireEye has suffered a breach, and the attackers made off with the company's RedTeam tools, FireEye CEO Kevin Mandia has disclosed on Tuesday. "The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past."

An unknown threat actor that is likely sponsored by a nation state is believed to be behind a recent phishing campaign targeting the COVID-19 vaccine cold chain, IBM Security reported on Thursday. The targets appear to be associated with the Cold Chain Equipment Optimization Platform of Gavi, the Vaccine Alliance, whose main goal is to improve access to vaccines in poor countries.

The U.S. National Security Agency this week released an advisory containing information on 25 vulnerabilities that are being actively exploited or targeted by Chinese state-sponsored threat actors. The NSA notes that it has observed Chinese threat actors scanning for or attempting to exploit these vulnerabilities against multiple victims.

The US Cybersecurity and Infrastructure Security Agency has released a list of 25 vulnerabilities Chinese state-sponsored hackers have been recently scanning for or have exploited in attacks. "Most of the vulnerabilities [] can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks. The majority of the products are either for remote access or for external web services, and should be prioritized for immediate patching," the agency noted.

Some of the world's most skilled nation-state cyber adversaries and notorious ransomware gangs are deploying an arsenal of new open-source tools, actively exploiting corporate email systems, and using online extortion to scare victims into paying ransoms, according to Accenture's 2020 Cyber Threatscape Report. "Since COVID-19 radically shifted the way we work and live, we've seen a wide range of cyber adversaries changing their tactics to take advantage of new vulnerabilities," said Josh Ray, who leads Accenture Security's global cyber defense practice, in a statement.

Google delivered over 33,000 alerts to its users during the first three quarters of 2020 to warn them of state-sponsored phishing attacks targeting their accounts. The prominent reminders sent to Google users targeted in government-backed attacks were displayed even when the hacking attempts were blocked to inform them of the danger.

Two Iranian hackers were indicted in the United States for allegedly engaging in numerous cyberattacks, some of them conducted on behalf of the government of Iran, the U.S. Department of Justice announced on Wednesday. The two, Hooman Heidarian, 30, and Mehdi Farhadi, 34, both of Hamedan, Iran, were charged with conspiracy to commit fraud and wire fraud, unauthorized access to protected computers, unauthorized damage to protected computers, access device fraud, and aggravated identity theft.