Security News

The US Cybersecurity and Infrastructure Security Agency said that the APT group behind the recent compromise campaign targeting US government agencies used more than one initial access vector. "CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated. CISA will update this Alert as new information becomes available," the agency said.

Police forces were found by IPCO to be treating applications to use spying powers as a tickbox exercise, perhaps unsurprisingly given that these are self-authorisations rubberstamped by police managers themselves. "To provide oversight that satisfies this judgment, IPCO reviewed the use of bulk data at GCHQ and has now incorporated the sharing of bulk data with foreign partners into its regular oversight and inspection arrangements," said IPCO in a statement.

The compromise of multiple US federal networks following the SolarWinds breach was officially confirmed for the first time in a joint statement released earlier today by the FBI, DHS-CISA, and the Office of the Director of National Intelligence. The National Security Council has established a Cyber Unified Coordination Group following the SolarWinds breach to help the intelligence agencies better coordinate the US government's response efforts surrounding this ongoing espionage campaign.

The UK's Home Office has handed a £30m contract to engineering and IT outfit Leidos to help government agencies access and analyse communications data for combatting terrorism and organised crime. The Home Office's National Communications Data Service launched the Agile Data Retention and Disclosure Services last year with a prior information notice to the market.

Some of America's most deeply held secrets may have been stolen in a disciplined, monthslong operation being blamed on elite Russian government hackers. Thomas Rid, a Johns Hopkins cyberconflict expert, said the campaign's likely efficacy can be compared to Russia's three-year 1990s "Moonlight Maze" hacking of U.S. government targets, including NASA and the Pentagon.

Threat actors behind an ongoing worldwide mobile banking fraud campaign were able to steal millions from multiple US and EU banks, needing just a few days for each attack. While emulators are not malicious tools, the group behind this campaign used them for malicious purposes emulating compromised devices or setting up what looked like new devices picked up by the compromised accounts' owners.

Using indicators of compromise made available by FireEye, threat intelligence and incident response firm Volexity determined that the threat group behind the SolarWinds hack targeted a U.S. think tank earlier this year, and it used a clever method to bypass multi-factor authentication and access emails. "At the time of the investigation, Volexity deduced that the likely infection was the result of the SolarWinds box on the target network; however, it was not fully understood exactly how the breach occurred, therefore Volexity was not in a position to report the circumstances surrounding the breach to SolarWinds," Volexity said.

The press is reporting a massive hack of US government networks by sophisticated Russian hackers. One government official said it was too soon to tell how damaging the attacks were and how much material was lost, but according to several corporate officials, the attacks had been underway as early as this spring, meaning they continued undetected through months of the pandemic and the election season.

As the debris from the explosive SolarWinds hack continues to fly, it has been a busy 48 hours as everyone scrambles to find out if, like various US government bodies, they've been caught in the blast. Fast forward to the weekend, and various US government organizations discovered they too had been hacked, with Russia's APT29 aka Cozy Bear team suspected by officials.

Concern is gathering over the effects of the backdoor inserted into SolarWinds' network monitoring software on Britain's public sector - as tight-lipped government departments refuse to say whether UK institutions were accessed by Russian spies. Research by The Register has shown that SolarWinds' Orion is used widely across the British public sector, ranging from the Home Office and Ministry of Defence through NHS hospitals and trusts, right down to local city councils.