MY KOLKATA EDUGRAPH
ADVERTISEMENT
regular-article-logo Monday, 23 December 2024

New Russia cyber attack on US firms

Raid comes after Biden imposed curbs on Moscow

David E. Sanger Published 26.10.21, 03:37 AM
While Microsoft insisted that the percentage of successful breaches was small, it did not provide enough information to accurately measure the severity of the theft.

While Microsoft insisted that the percentage of successful breaches was small, it did not provide enough information to accurately measure the severity of the theft. Shutterstock

Russia’s premier intelligence agency has launched another campaign to pierce thousands of US government, corporate and think-tank computer networks, Microsoft officials and cybersecurity experts warned on Sunday, only months after President Biden imposed sanctions on Moscow in response to a series of sophisticated spy operations it had conducted around the world.

The new effort is “very large, and it is ongoing”, Tom Burt, one of Microsoft’s top security officers, said.

ADVERTISEMENT

Government officials confirmed that the operation, apparently aimed at acquiring data stored in the cloud, seemed to come out of the SVR, the Russian intelligence agency that was the first to enter the Democratic National Committee’s networks during the 2016 election.

While Microsoft insisted that the percentage of successful breaches was small, it did not provide enough information to accurately measure the severity of the theft.

Earlier this year, the White House blamed the SVR for the so-called SolarWinds hacking, a highly sophisticated effort to alter software used by government agencies and the nation’s largest companies, giving the Russians broad access to 18,000 users.

Biden said the attack undercut trust in the government’s basic systems and vowed retaliation for both the intrusion and election interference. But when he announced sanctions against Russian financial institutions and technology companies in April, he pared back the penalties.

“I was clear with President Putin that we could have gone further, but I chose not to do so,” Biden said at time, after calling the Russian leader. “Now is the time to de-escalate.”

American officials insist that the type of attack Microsoft reported falls into the category of the kind of spying major powers regularly conduct against one another.

Still, the operation suggests that even while the two governments say they are meeting regularly to combat ransomware and other maladies of the Internet age, the undermining of networks continues apace in an arms race that has sped up as countries sought Covid-19 vaccine data and a range of industrial and government secrets.

“Spies are going to spy,” John Hultquist, the vice president for intelligence analysis at Mandiant, the company that first detected the SolarWinds attack, said on Sunday at the Cipher Brief Threat Conference in Sea Island, where many cyberexperts and intelligence officials met. “But what we’ve learned from this is that the SVR, which is very good, isn’t slowing down.”

It is not clear how successful the latest campaign has been. Microsoft said it recently notified more than 600 organisations that they had been the target of about 23,000 attempts to enter their systems. By comparison, the company said it had detected only 20,500 targeted attacks from “all nation-state actors” over the past three years.

Microsoft said a small percentage of the latest attempts succeeded but did not provide details or indicate how many of the organisations were compromised.

US officials confirmed that the operation, which they consider routine spying, was underway. But they insisted that if it was successful, it was Microsoft and similar providers of cloud services who bore much of the blame.

A senior administration official called the latest attacks “unsophisticated, run-of-the mill operations that could have been prevented if the cloud service providers had implemented baseline cybersecurity practices”.

“We can do a lot of things,” the official said, “but the responsibility to implement simple cybersecurity practices to lock their — and by extension, our — digital doors rests with the private sector”. Government officials have been pushing to put more data in the cloud because it is far easier to protect information there.

New York Times News Service

Follow us on:
ADVERTISEMENT
ADVERTISEMENT