The Microsoft Cyberattack on the SolarWinds Group, Cozy Bear Group, and Other U.S. Cyber-Atlasers
The main focus of the SVR is intelligence-gathering. It primarily targets governments, diplomats, think tanks and IT service providers in the U.S. and Europe.
Microsoft said that the SolarWinds hacking campaign was the most sophisticated nation-state attack in history. In addition to U.S. government agencies, including the departments of Justice and Treasury, more than 100 private companies and think tanks were compromised, including software and telecommunications providers.
Microsoft calls the hacking unit Midnight Blizzard, a name it adopted last year in place of Nobelium. The cybersecurity firm Mandiant, owned by Google, calls the group Cozy Bear.
A company spokesperson said Microsoft had no immediate comment on which or how many members of its senior leadership had their email accounts breached. The hackers’ access was removed from the compromised accounts by Microsoft on or about January 13, according to the regulatory filing.
Microsoft, which is based in Redmond, Washington, said the hackers from Russia’s SVR foreign intelligence agency were able to gain access by compromising credentials on a “legacy” test account, suggesting it had outdated code. After gaining a foothold, they used the account’s permissions to access the accounts of the senior leadership team and others. Password spraying, a brute-force technique, is how the hackers obtained the initial credentials.
Microsoft’s disclosure comes a month after a new U.S. Securities and Exchange Commission rule took effect that compels publicly traded companies to disclose breaches that could negatively affect their business. It gives them four days to do so unless they obtain a national-security waiver.
A Survey of Facebook Users, User Behavior, and Government Policies in Myanmar’s Military-Infiltrated Scams: The US Agencies Urged to Patch Ivanti VPNs That Are Actively Being Hacked
In password spraying, the threat actor tries a single password against many accounts rather than many passwords against one. The same Russian hacking team used a technique to try to steal credentials from at least 40 different organizations through Microsoft Teams chats, which Microsoft described in an August blog post.
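The distinguishing trait of password spraying, as described above, is one source touching many distinct accounts with few attempts each, which is exactly what a detection should key on (a per-account lockout threshold never fires). The following is an added example, not code from the original article or from Microsoft: it parses constructed authentication log lines (the timestamp/event/user/src layout is an assumption, not any vendor’s real format), flags sources whose failures span at least a minimum number of distinct accounts inside a sliding time window, and then lists which accounts later logged in successfully from a flagged source, since that is the follow-up an incident responder wants first.

```python
"""Detect password spraying in authentication logs.

Added example (not from the original article). The log lines below are
constructed for illustration; the field layout (timestamp, event, user,
source IP) is an assumption, not a real product's format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 tries one guess against many accounts and
# eventually succeeds on a stale test account; 198.51.100.9 is a single user
# mistyping their own password twice, which should NOT be flagged.
SAMPLE_LOG = """\
2024-01-12T03:00:01Z LOGIN_FAILED user=alice src=203.0.113.7
2024-01-12T03:00:04Z LOGIN_FAILED user=bob src=203.0.113.7
2024-01-12T03:00:09Z LOGIN_FAILED user=carol src=203.0.113.7
2024-01-12T03:00:15Z LOGIN_FAILED user=dave src=203.0.113.7
2024-01-12T03:00:21Z LOGIN_FAILED user=erin src=203.0.113.7
2024-01-12T03:00:27Z LOGIN_OK user=legacy-test src=203.0.113.7
2024-01-12T03:05:00Z LOGIN_FAILED user=frank src=198.51.100.9
2024-01-12T03:05:30Z LOGIN_FAILED user=frank src=198.51.100.9
2024-01-12T03:06:00Z LOGIN_OK user=frank src=198.51.100.9
"""


def parse_line(line):
    """Split one constructed log line into a dict of typed fields."""
    ts, event, user_kv, src_kv = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "event": event,
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def detect_spraying(events, window=timedelta(minutes=10), min_users=5):
    """Return {src: sorted distinct users} for every source whose failed
    logins hit at least `min_users` distinct accounts within some `window`.

    Keying on distinct accounts per source (not attempts per account) is what
    separates spraying from ordinary brute force and from user typos.
    """
    failures = defaultdict(list)  # src -> [(ts, user), ...]
    for e in events:
        if e["event"] == "LOGIN_FAILED":
            failures[e["src"]].append((e["ts"], e["user"]))

    hits = {}
    for src, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it fits inside `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            users = {u for _, u in items[start:end + 1]}
            if len(users) >= min_users:
                hits[src] = sorted(users)
                break
    return hits


def successes_after_spray(events, hits):
    """Accounts that logged in successfully from a flagged source: the guess
    that worked is the account to reset and investigate first."""
    out = {}
    for e in events:
        if e["event"] == "LOGIN_OK" and e["src"] in hits:
            out.setdefault(e["src"], []).append(e["user"])
    return out


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    found = detect_spraying(evs)
    print("spraying sources:", found)
    print("successful logins from those sources:", successes_after_spray(evs, found))
```

On the constructed sample the detector flags only 203.0.113.7 (five distinct accounts in under 30 seconds) and reports that `legacy-test` then logged in from it, while 198.51.100.9 stays clean because its two failures are the same user. The threshold and window are parameters; in production they are tuned against the normal rate of distinct failed accounts per source, and the same logic can be keyed on a user-agent or ASN instead of a single IP when the source rotates addresses.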
Consumer Reports and The Markup used crowdsourced research to discover which data brokers and other organizations are monitoring and tracking the data of 709 Facebook users. Reporters studied the data and found that a total of 186,592 companies gave data about the 709 individuals to Facebook. On average, each of those users had information sent to Facebook about them by 2,230 companies. The number varied, though: some users had fewer than the average, while others had more than 7,000 companies providing information about them to the social network.
The UN believes there may be 100,000 people in scam centers in Cambodia. “I’ve worked in this space for over 20 years and to be honest, we’ve never seen anything like what we’re seeing now in Southeast Asia in terms of the sheer numbers of people,” Rebecca Miller, regional program director for human trafficking at the UN Office on Drugs and Crime told Vox.
As rebel groups in Myanmar violently oppose the country’s military government, the human trafficking and abuse fueling pig butchering scams is exacerbating the conflict. The scam has exploded in the past few years due to a workforce of forced laborers who have been kidnapped and are being held against their will. The Three Brotherhood Alliance took control of 100 military outposts in the country’s north, and seized several towns along the border with China, in order to destroy telecom fraud and scam dens.
Walmart has been particularly deficient in addressing gift card abuses, which are a long-standing problem, according to new reports from ProPublica. The retailer has been skirting pressure from regulators to more closely scrutinize gift card sales and money transfers, and to expand employee training, which could be used to stop bad actors from exploiting customers. Interviews, internal documents, court filings, and public records were reviewed by ProPublica.
Source: Security News This Week: US Agencies Urged to Patch Ivanti VPNs That Are Actively Being Hacked
What Have We Learned About the US Cyber Security and Privacy Enforcement? The Case of the Ivanti Connect Secure Platform and its Social Impact in 2021
The Ivanti product series was renamed to Ivanti Connect Secure. Vulnerabilities in that VPN platform were notoriously exploited in a rash of high-profile digital breaches in 2021 carried out by Chinese state-backed hackers.
The US Cybersecurity and Infrastructure Security Agency issued the emergency directive on Friday requiring federal agencies to patch two vulnerabilities that are being actively exploited in the popular Ivanti Connect Secure and Policy Secure appliances. The agency’s executive assistant director, Goldstein, told reporters that around 15 agencies applied mitigations because of the version of the product they are running. “We are not assessing a significant risk to the federal enterprise, but we know that risk is not zero,” Goldstein said. He said that there were ongoing investigations into whether any federal agencies had been compromised in the mass exploitation spree.
There is more. Each week we round up the security and privacy stories we did not break or cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.
The data broker X-Mode (now Out Logic), which had sold location data to the US government and other clients, has agreed to a settlement with the US Federal Trade Commission. The FTC and US government’s data privacy enforcement power are not always used in a fair way and companies can escape scrutiny and consequences if they don’t protect consumer data.
A major coordinated disclosure this week called attention to the importance of prioritizing security in the design of graphics processing units (GPUs). Researchers published details about the “LeftoverLocals” vulnerability in multiple brands and models of mainstream GPUs—including Apple, Qualcomm, and AMD chips—that could be exploited to steal sensitive data, such as responses from AI systems. Meanwhile, new findings from the cryptocurrency tracing firm Chainalysis show how stablecoins that are tied to the value of the US dollar were instrumental in cryptocurrency-based scams and sanctions evasion last year.