Security News

The UK's Home Office has handed a £30m contract to engineering and IT outfit Leidos to help government agencies access and analyse communications data for combatting terrorism and organised crime. The Home Office's National Communications Data Service launched the Agile Data Retention and Disclosure Services last year with a prior information notice to the market.

Some of America's most deeply held secrets may have been stolen in a disciplined, monthslong operation being blamed on elite Russian government hackers. Thomas Rid, a Johns Hopkins cyberconflict expert, said the campaign's likely efficacy can be compared to Russia's three-year 1990s "Moonlight Maze" hacking of U.S. government targets, including NASA and the Pentagon.

Threat actors behind an ongoing worldwide mobile banking fraud campaign were able to steal millions from multiple US and EU banks, needing just a few days for each attack. While emulators are not malicious tools, the group behind this campaign used them for malicious purposes emulating compromised devices or setting up what looked like new devices picked up by the compromised accounts' owners.

Using indicators of compromise made available by FireEye, threat intelligence and incident response firm Volexity determined that the threat group behind the SolarWinds hack targeted a U.S. think tank earlier this year, and it used a clever method to bypass multi-factor authentication and access emails. "At the time of the investigation, Volexity deduced that the likely infection was the result of the SolarWinds box on the target network; however, it was not fully understood exactly how the breach occurred, therefore Volexity was not in a position to report the circumstances surrounding the breach to SolarWinds," Volexity said.

The press is reporting a massive hack of US government networks by sophisticated Russian hackers. One government official said it was too soon to tell how damaging the attacks were and how much material was lost, but according to several corporate officials, the attacks had been underway as early as this spring, meaning they continued undetected through months of the pandemic and the election season.

As the debris from the explosive SolarWinds hack continues to fly, it has been a busy 48 hours as everyone scrambles to find out if, like various US government bodies, they've been caught in the blast. Fast forward to the weekend, and various US government organizations discovered they too had been hacked, with Russia's APT29 aka Cozy Bear team suspected by officials.

Concern is gathering over the effects of the backdoor inserted into SolarWinds' network monitoring software on Britain's public sector - as tight-lipped government departments refuse to say whether UK institutions were accessed by Russian spies. Research by The Register has shown that SolarWinds' Orion is used widely across the British public sector, ranging from the Home Office and Ministry of Defence through NHS hospitals and trusts, right down to local city councils.

The following day, the Cybersecurity and Infrastructure Security Agency issued an emergency directive asking all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately. FireEye, SolarWinds, Microsoft, and other sources all have pointed to a foreign nation-state as the source of this prolonged attack.

Incident response teams are scrambling as after details emerged late Sunday of a sophisticated espionage campaign leveraging a software supply chain attack that allowed hackers to compromise numerous public and private organizations around the world. Among victims are multiple US government agencies, including the Treasury and Commerce departments, and cybersecurity giant FireEye, which stunned the industry last week when it revealed that attackers gained access to its Red Team tools.

Trojanized versions of SolarWinds' Orion IT monitoring and management software have been used in a supply chain attack leading to the breach of government and high-profile companies after attackers deployed a backdoor dubbed SUNBURST or Solorigate. SolarWinds' customer listing [1, 2] includes over 425 of the US Fortune 500, all top ten US telecom companies, hundreds of universities and colleges, all five branches of the US Military, the US Pentagon, the State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States.