Russian hackers behind SolarWinds breach continue to scour US and European organizations for intel, researchers say
By Sean Lyngaas, CNN
The Russian hackers behind a sweeping 2020 breach of US government networks have in recent months continued to hack US organizations to collect intelligence while also targeting an unnamed European government that is a NATO member, cybersecurity analysts tell CNN.
The new findings show how relentless the hacking group — which US officials have linked with Russia’s foreign intelligence service — is in its pursuit of intelligence held by the US and its allies, and how adept the hackers are at targeting widely used cloud-computing technologies.
The hacking efforts come as Russia’s invasion of Ukraine continues to fray US-Russia relations and drive intelligence collection efforts from both governments.
“In recent months, [the hacking group] has compromised the networks of US-based organizations that have data of interest to the Russian government,” said Charles Carmakal, senior vice president and chief technology officer at US cybersecurity firm Mandiant, which has responded to the hacks. Carmakal declined to elaborate on the types or number of US organizations that had been breached.
In separate activity revealed Tuesday, US cybersecurity firm Palo Alto Networks said that the Russian hacking group had been using popular services like Dropbox and Google Drive to try to deliver malicious software to the embassies of an unnamed European government in Portugal and Brazil in May and June.
Though it’s unclear how successful those hacking attempts were, they could offer the hackers a foothold into computer networks to collect intelligence, Jen Miller-Osborn, deputy director of threat intelligence at Palo Alto Networks’ Unit 42, told CNN.
The two hacking campaigns offer the latest example of how the elite Russian hacking group tried to evade US government and private investigators pursuing it.
The Russian hacking group is best known for using tampered software made by federal contractor SolarWinds to breach at least nine US agencies in activity that came to light in December 2020. The attackers were undetected for months in the unclassified email networks of the departments of Justice, Homeland Security and others.
The group continued to target US and European government networks, and software providers serving them, throughout 2021, according to researchers.
Google and Dropbox told CNN that they took steps to thwart the latest hacking activity.
“We were aware of the activity identified in this report, and had already proactively taken steps to protect any potential targets,” said Shane Huntley, senior director of Google’s Threat Analysis Group.
A Dropbox spokesperson told CNN that the company “disabled user accounts” involved in the alleged Russian hacking campaign “immediately” after they were reported.
The-CNN-Wire
™ & © 2022 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.