The United States has imposed sanctions on Russia and expelled ten diplomats as a result of the SolarWinds cyberattack.

On Thursday, the United States and the United Kingdom formally attributed the supply chain attack on SolarWinds, an IT infrastructure management company, to government operatives working for Russia's Foreign Intelligence Service (SVR).
 
"Russia's pattern of malign behavior around the world demonstrates that Russia remains the most acute threat to the United Kingdom's national and collective security," the UK government said in a statement.
 
 
To that end, the US Treasury Department has imposed broad sanctions on Russia for undermining the conduct of free and fair elections and democratic institutions in the US, and for its role in facilitating the massive SolarWinds hack. It has also imposed a ban on six technology companies in the country that support the Russian Intelligence Services' cyber program.
 
The companies are ERA Technopolis, Pasit, Federal State Autonomous Scientific Establishment Scientific Research Institute Specialized Security Computing Devices and Automation (SVA), Neobit, Advanced System Technology, and Pozitiv Teknolodzhiz (Positive Technologies). The last three are IT security firms whose customers are said to include the Russian Ministry of Defense, the SVR, and Russia's Federal Security Service (FSB).
 
In addition, ten members of Russia's diplomatic mission in Washington, D.C., including representatives from its intelligence services, have been expelled by the Biden administration.
 
The Treasury Department stated that the scope and scale of this compromise, combined with Russia's history of reckless and disruptive cyber operations, make it a national security concern. By allowing malware to be installed on the machines of tens of thousands of SolarWinds customers, the SVR has put the global technology supply chain at risk.
 
Moscow, for its part, had previously denied involvement in the large-scale SolarWinds operation, claiming that it does not conduct offensive cyber operations.
 
The intrusions were discovered in December 2020, when FireEye and other cybersecurity firms revealed that the espionage campaign's operators had compromised the SolarWinds Orion platform's software build and code signing infrastructure as early as October 2019. The compromise was used to deliver the Sunburst backdoor, with the goal of gathering sensitive information.
 
Up to 18,000 SolarWinds customers are thought to have received the trojanized Orion update. The attackers chose their victims carefully, however, escalating the attacks in only a few cases by deploying Teardrop malware after an initial reconnaissance of the target environment for high-value accounts and assets.
 
According to the executive order issued by the US government, the adversary's compromise of the SolarWinds software supply chain gave it the ability to remotely spy on or potentially disrupt more than 16,000 computer systems around the world.
 
Besides infiltrating the networks of Microsoft, FireEye, Malwarebytes, and Mimecast, the attackers are also said to have used SolarWinds as a stepping stone to breaching several U.S. agencies such as the National Aeronautics and Space Administration (NASA), the Federal Aviation Administration (FAA), and the Departments of State, Justice, Commerce, Homeland Security, Energy, Treasury, and the National Institutes of Health.
 
 
In addition, the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have issued a joint advisory warning businesses about APT29's successful exploitation of five publicly identified vulnerabilities to gain initial footholds into victim devices and networks.
Pulse Secure said in a statement to The Hacker News that the NSA discovered a bug in legacy deployments that was fixed in April 2019, and that customers who followed the instructions in a Pulse Secure security advisory released at the time have properly secured their systems and mitigated the threat.
 
"We see what Russia is doing to weaken our democracy," said Dominic Raab, the UK Foreign Secretary. "The United Kingdom and the United States are condemning Russia's malign behavior so that our foreign partners and domestic companies can better protect and brace themselves against such actions."
 

 





