MY KOLKATA EDUGRAPH
ADVERTISEMENT
regular-article-logo Saturday, 23 November 2024

Russia ‘behind US state department hack’

Discovery of the breach comes only three weeks before Biden is scheduled to meet Putin in Geneva, and at a moment of increased tension between the two nations

David E. Sanger, Nicole Perlroth New York Published 29.05.21, 12:41 AM
Microsoft reported that it had detected the intrusion and that the same hackers behind the earlier SolarWinds attack were responsible.

Microsoft reported that it had detected the intrusion and that the same hackers behind the earlier SolarWinds attack were responsible. Shutterstock

Hackers linked to Russia’s main intelligence agency surreptitiously seized an email system used by the state department’s international aid agency to burrow into the computer networks of human rights groups and other organisations of the sort that have been critical of President Vladimir V. Putin, Microsoft Corporation disclosed on Thursday.

Discovery of the breach comes only three weeks before President Biden is scheduled to meet Putin in Geneva, and at a moment of increased tension between the two nations — in part because of a series of increasingly sophisticated cyberattacks emanating from Russia.

ADVERTISEMENT

The newly disclosed attack was also particularly bold: By breaching the systems of a supplier used by the federal government, the hackers sent out genuine-looking emails to more than 3,000 accounts across more than 150 organisations that regularly receive communications from the US Agency for International Development. Those emails went out as recently as this week, and Microsoft said it believes the attacks are ongoing.

The email was implanted with code that would give the hackers unlimited access to the computer systems of the recipients, from “stealing data to infecting other computers on a network”, Tom Burt, a Microsoft vice-president, wrote on Thursday night.

Last month, Biden announced a series of new sanctions on Russia and the expulsion of diplomats for a sophisticated hacking operation, called SolarWinds.

That attack went undetected by the US government for nine months, until it was discovered by a cybersecurity firm. In April, Biden said he could have responded far more strongly, but “chose to be proportionate” because he did not want “to kick off a cycle of escalation and conflict with Russia”.

The Russian response nonetheless seems to have been escalation. The malicious activity was underway as recently as the past week.

That suggests that the sanctions and whatever additional covert actions the White House carried out — part of a strategy of creating “seen and unseen” costs for Moscow — has not choked off the Russian government’s appetite for disruption.

A spokesperson for the Cybersecurity and Infrastructure Security Agency at the department of homeland security said late on Thursday that the agency was “aware of the potential compromise” at the Agency for International Development and that it was “working with the FBI and USAID to better understand the extent of the compromise and assist potential victims”.

Microsoft identified the Russian group behind the attack as Nobelium, and said it was the same group responsible for the SolarWinds hack. Last month, the American government explicitly said that SolarWinds was the work of the SVR, one of the most successful spinoffs from the Soviet-era KGB.

The same agency was involved in the hacking of the Democratic National Committee in 2016, and before that, in attacks on the Pentagon, the White House email system and the state department’s unclassified communications.

It has grown increasingly aggressive and creative, federal officials and experts say. The SolarWinds attack was never detected by the US government, and was carried out through code implanted in network management software that the government and private companies use widely.

When customers updated the SolarWinds software — much like updating an iPhone overnight — they were unknowingly letting in an invader.

Among the victims last year were the departments of homeland security and energy, as well as nuclear laboratories.

When Biden came to office, he ordered a study of the SolarWinds case, and officials have been working to prevent future “supply chain” attacks, in which adversaries infect software used by federal agencies.

That is similar to what happened in this case, when Microsoft’s security team caught the hackers using a widely used email service, provided by a company called Constant Contact, to send malicious emails that appeared to come from genuine Agency for International Development addresses.

But the content was, at times, hardly subtle. In one email sent through Constant Contact’s service on Tuesday, the hackers highlighted a message claiming that “Donald Trump has published new emails on election fraud”. The email bore a link that, when clicked, drops malicious files onto the computers of the recipients.

New York Times News Service

Follow us on:
ADVERTISEMENT
ADVERTISEMENT