Microsoft Blames The Russians For Yet Another “Extensive Cyberattack” Impacting Public & Private Entities
With President Biden’s domestic agenda deadlocked in Congress, and his approval rating plunging, are the Dems’ allies in Big Tech trying to help revive the Russian hysteria to try and give their doddering leader a bit of a boost?
Late Sunday, the NYT reported that Microsoft, along with a group of “cybersecurity experts”, warned late Sunday that Russia’s SVR intelligence agency – the same people allegedly responsible for the SolarWinds hack, one of the most extensive cyberattacks in recent memory, has launched another massive campaign to infiltrate thousands of different computer networks belonging to the US government, companies and think thanks. This latest ‘cyber assault’ follows the Biden Administration’s decision to slap new economic sanctions on Russia. Biden also publicly promised that the US would ‘retaliate’ against Russia in response to what he described as a global campaign of cyber intrusions, prompting scoffs from some of his critics.
While the NYT presented its report with a “breaking news” headline, this really isn’t anything new. Microsoft announced another intrusion allegedly orchestrated by the group behind SolarWinds, and it seems like this breach is merely part of an ongoing effort to conduct what the NYT and CNBC described as cyberespionage.
Biden and his team have suggested in recent months that cyber-tensions with the Russians have cooled.
In typically cryptic fashion, Microsoft claimed that the hack was “very large, and ongoing” while simultaneously involving only a small number of “successful breaches”.
The new effort is “very large, and it is ongoing,” Tom Burt, one of Microsoft’s top security officers, said in an interview. Government officials confirmed that the operation, apparently aimed at acquiring data stored in the cloud, seemed to come out of the S.V.R., the Russian intelligence agency that was the first to enter the Democratic National Committee’s networks during the 2016 election.
While Microsoft insisted that the percentage of successful breaches was small, it didn’t provide enough information to accurately measure the severity of the theft.
The Russian intelligence agency was “attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global information technology supply chain,” Mr. Burt said.
That supply chain is the chief target of the Russian government hackers — and, increasingly, Chinese hackers who are trying to replicate Russia’s most successful techniques.
The company claimed that it has notified 600 “organizations” that they had been targeted, out of 23K supposed “attempts” to break into their systems by exploiting security holes in Microsoft products.
It is not clear how successful the latest campaign has been. Microsoft said it recently notified more than 600 organizations that they had been the target of about 23,000 attempts to enter their systems. By comparison, the company said it had detected only 20,500 targeted attacks from “all nation-state actors” over the past three years. Microsoft said a small percentage of the latest attempts succeeded but did not provide details or indicate how many of the organizations were compromised.
But is this really anything to worry about? As one NYT source said: “Spys are going to spy.” Even unnamed federal officials apparently confirmed this.
American officials insist that the type of attack Microsoft reported falls into the category of the kind of spying major powers regularly conduct against one another. Still, the operation suggests that even while the two governments say they are meeting regularly to combat ransomware and other maladies of the internet age, the undermining of networks continues apace in an arms race that has sped up as countries sought Covid-19 vaccine data and a range of industrial and government secrets.
“Spies are going to spy,” John Hultquist, the vice president for intelligence analysis at Mandiant, the company that first detected the SolarWinds attack, said on Sunday at the Cipher Brief Threat Conference in Sea Island, where many cyberexperts and intelligence officials met. “But what we’ve learned from this is that the S.V.R., which is very good, isn’t slowing down.”
American officials confirmed that the operation, which they consider routine spying, was underway. But they insisted that if it was successful, it was Microsoft and similar providers of cloud services who bore much of the blame.
Asked if “we do the same thing”, CNBC’s Eamon Javers readily admitted that the US conducts similar spying operations against Russia. In fact, that’s the NSA’s primary function.
As we noted above, this type of cyberintrusion is nothing new. But the bigger question is whether these same actors are behind damaging ransomware attacks like the one that briefly shutdown the Colonial Pipeline (which ended with the FBI purportedly “seizing” and recovering the ransom supposedly paid by the company. That Biden Administration has tried to suggest Russian groups were responsible for this and other ransomware attacks, but as Biden admitted over the summer, “we’re not sure” whether the Russians were actually behind those attacks, although the MSM had few qualms simply pinning it all on Putin, the Democrats’ great Russian boogeyman.
It’s a role that Putin has seemingly relished.
Mon, 10/25/2021 – 08:58