There are many reasons why hackers might want to get into a big tech company’s systems.
Big tech companies like Intel and Nvidia had their computers hacked, along with the departments of the US federal government, in the SolarWinds hack.
Category: cybercrime/malcode – Page 212
New SUPERNOVA backdoor found in SolarWinds cyberattack analysis
While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor.
Named SUPERNOVA, the malware is a webshell planted in the code of the Orion network and applications monitoring platform and enabled adversaries to run arbitrary code on machines running the trojanized version of the software.
White House acknowledges reports of cyberattack on U.S. Treasury
The Washington Post linked the hack, which occurred over the weekend, to a group working for the Russian foreign intelligence service.
The FBI is currently investigating the group, known among private-sector cybersecurity firms as APT29 or Cozy Bear. The hackers are also believed to have breached the State Department, Joint Chiefs of Staff and the White House networks during the Obama administration.
The latest revelation comes less than a month after President Donald Trump fired Christopher Krebs, the nation’s top cybersecurity official.
Microsoft says it found malicious software in its systems
SAN FRANCISCO (Reuters)-Microsoft Corp said on Thursday it found malicious software in its systems related to a massive hacking campaign disclosed by U.S. officials this week, adding a top technology target to a growing list of attacked government agencies.
The Redmond, Washington company is a user of Orion, the widely deployed networking management software from SolarWinds Corp which was used in the suspected Russian attacks on vital U.S. agencies and others.
Microsoft also had its own products leveraged to attack victims, said people familiar with the matter. The U.S. National Security Agency issued a rare “cybersecurity advisory” Thursday detailing how certain Microsoft Azure cloud services may have been compromised by hackers and directing users to lock down their systems.
NSA Cybersecurity Advisory: Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources
In response to ongoing cybersecurity events, the National Security Agency (NSA) released a Cybersecurity Advisory Thursday “Detecting Abuse of Authentication Mechanisms.” This advisory provides guidance to National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators to detect and mitigate against malicious cyber actors who are manipulating trust in federated authentication environments to access protected data in the cloud. It builds on the guidance shared in the cybersecurity advisory regarding VMware with state-sponsored actors exploiting CVE 2020–4006 and forging credentials to access protected files, though other nation states and cyber criminals may use this tactic, technique, and procedure (TTP) as well.
Detecting abuse of authentication mechanisms infographic.
