Hackers last year conducted a 'dry run' of SolarWinds breach
source link: https://news.yahoo.com/hackers-last-year-conducted-a-dry-run-of-solar-winds-breach-215232815.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Hackers last year conducted a 'dry run' of SolarWinds breach
Hackers who breached federal agency networks through software made by a company called SolarWinds appear to have conducted a test run of their broad espionage campaign last year, according to sources with knowledge of the operation.
The hackers distributed malicious files from the SolarWinds network in October 2019, five months before previously reported files were sent to victims through the company’s software update servers. The October files, distributed to customers on Oct. 10, did not have a backdoor embedded in them, however, in the way that subsequent malicious files that victims downloaded in the spring of 2020 did, and these files went undetected until this month.
“We’re thinking they wanted to test whether or not it was going to work and whether it would be detected. So it was more or less a dry run,” a source familiar with the investigation told Yahoo News. “They took their time. They decided to not go out with an actual backdoor right away. That signifies that they’re a little bit more disciplined and deliberate.”
The October files were discovered in the systems of several victims, but investigators have so far found no signs that the hackers engaged in any additional malicious activity on those systems after the files landed on them.
Five months later, the hackers added new malicious files to the SolarWinds software update servers that got distributed and installed on the networks of federal government agencies and other customers. These new files installed a backdoor on victim networks that allowed the hackers to directly access them. Once inside an infected network, the attackers could have used the SolarWinds software to learn about the structure of the network or alter the configuration of network systems. But they would also have been able to breach other systems on the network or download new malicious files directly to those systems.
The specific number of infected victims remains unknown at this time, but some of the victims breached with the spring 2020 files reportedly include: divisions within the U.S. Treasury and Commerce departments, the Department of Homeland Security, national labs working for the Department of Energy, and the National Nuclear Security Administration, which oversees the national nuclear weapons stockpile. In the commercial sector, the security firm FireEye was also breached by the hackers through SolarWinds software, and late Tuesday Microsoft acknowledged that it had found malicious SolarWinds files on its network as well. Not all SolarWinds customers downloaded the malicious updates.
The Treasury Building in Washington, D.C. (Patrick Semansky/AP)SolarWinds headquarters in Austin, Texas. (Sergio Flores/Reuters)Attendees walk by the FireEye booth during the 2016 Black Hat cybersecurity conference in Las Vegas. (David Becker/Reuters)
The IndependentBiden’s niece avoids prison time for driving under the influence crash
Caroline Biden’s arraignment was one day after 3 November’s presidential election
48m ago
Associated PressGeneral sorry for 'miscommunication' over vaccine shipments
The Army general in charge of getting COVID-19 vaccines across the United States apologized on Saturday for “miscommunication” with states over the number of doses to be delivered in the early stages of distribution. Perna's remarks came a day after a second vaccine was added in the fight against COVID-19, which has killed more than 312,000 people in the U.S. Governors in more than a dozen states have said the federal government has told them that next week’s shipment of the Pfizer-BioNTech vaccine will be less than originally projected. Perna acknowledged the criticism and accepted blame.
1d ago
The WeekSchumer, Toomey resolve COVID-19 relief sticking point, potentially setting stage for vote
The Senate appeared to reach a major breakthrough in COVID-19 relief negotiations late Saturday, and Senate Minority Leader Chuck Schumer (D-N.Y.) said he believes both the House and Senate will vote on a package Sunday so long as "nothing gets in the way."Schumer and Sen. Pat Toomey (R-Pa.) were finishing up details of a compromise that seemingly resolves a sticking point about the Federal Reserve's ability to set up emergency lending programs without congressional approval, which Toomey wanted to restrict. Under the deal, The Wall Street Journal reports, the central bank wouldn't lose that power, but its options would be narrower — the Fed wouldn't be able to replicate programs identical to the ones it started in March unless Congress signed off.A spokesman for Senate Majority Leader Mitch McConnell said the resolution means "we can begin closing out the rest of the package to deliver much-needed relief to families, workers, and businesses."The finer details of the $900 billion proposal are still unclear, and talks could still hit a snag over certain issues, but should it go through, per CNN, the bill is expected to include $300 per week in enhanced unemployment benefits, $600 direct payments for individuals, $330 billion for small business loans, more than $80 billion for schools, and billions more for COVID-19 vaccine distribution. Read more at CNN and The Wall Street Journal.More stories from theweek.com 7 feel-good cartoons about the COVID vaccine breakthrough 5 insanely funny cartoons about Trump's election-fraud failure Trump's ultimate self-own
6h ago
ReutersU.S. officials eye new COVID-19 strain in UK, urge vigilance
The United States is monitoring the new strain of COVID-19 emerging in the United Kingdom, multiple U.S. officials said on Sunday, adding that it was unclear whether the mutated variant had made its way to America. Slaoui, chief scientific adviser for the Trump administration's Operation Warp Speed, added that the UK mutation was "very unlikely" to be resistant to current vaccines, saying: "We can't exclude it, but it's not there now." Other health officials from the outgoing Trump administration and the incoming Biden administration also said they were watching the strain rapidly spreading in Great Britain.
3h ago
Yahoo News VideoIrritated by loss, Trump hunkers down at the White House and avoids conversation of future
Sources say as {President Trump’s time at the White House dwindles down, he stays cooped up in the “presidential man cave” of the Oval Office, avoiding talks about the future.
2d ago
Business InsiderJacinda Ardern says New Zealand has bought so many COVID-19 vaccines that it will give free doses to neighboring countries
The prime minister says there will be "more than enough" COVID-19 vaccines for every New Zealander. Spare doses will go to Pacific nations.
10h ago
National ReviewBiden Press Secretary Says He ‘Will Not Be Discussing an Investigation of His Son’ with AG Candidates
President-elect Joe Biden will not be discussing any federal investigation of his son Hunter Biden's business dealings with any candidates for attorney general, Biden's incoming press secretary said Sunday.Jen Psaki was asked by Fox News Sunday host Chris Wallace whether Biden would promise to allow the U.S. attorney for Delaware to proceed with an investigation into Hunter Biden's taxes.“He will not be discussing an investigation of his son with any attorney general candidates. He will not be discussing it with anyone he is considering for the role. And he will not be discussing it with a future attorney general,” Psaki said.“It will be up to the purview of an attorney general in his administration to determine how to handle any investigation,” continued Psaki, who previously served as former president Barack Obama's communications director. “As you know, U.S. attorneys, that’s a personnel decision, we’re far from there at this point in the process.”Earlier this month, Hunter Biden announced that federal prosecutors were investigating his “tax affairs” but insisted he has handled his finances appropriately.“I take this matter very seriously but I am confident that a professional and objective review of these matters will demonstrate that I handled my affairs legally and appropriately, including with the benefit of professional tax advisors,” the younger Biden said of the federal probe in a statement.The former vice president addressed the investigation for the first time last week, saying he is “confident” his son did nothing wrong.Psaki noted that several positions in the administration have yet to be filled and that the administration would “allow the process to work how it should, which is for a Justice Department to be run independently by the attorney general at the top.”
2h ago
Associated PressEXPLAINER: Iran, despite sanctions, has routes to vaccines
Although Iran faces crushing U.S. sanctions, there are still ways for Tehran to obtain coronavirus vaccines as the country suffers the Mideast's worst outbreak of the pandemic. After earlier downplaying the virus, Iran has since acknowledged the scope of the disaster it faces after 1.1 million reported cases and over 52,000 deaths. Getting vaccines into the arms of its people would be a major step in stemming the crisis.
1d ago
Architectural Digest18 of the Most Anticipated High-Design Hotel Openings of 2021
We can’t wait to check inOriginally Appeared on Architectural Digest
2d ago
The IndependentGOP congressman says he will not take the Covid vaccine because he’s ‘an American’
‘I have the freedom to decide if I’m going to take a vaccine or not and in this case I am not going to take the vaccine,’ Congressman Ken Buck says
1d ago- Reuters
China says tailed U.S. warship in Taiwan Strait
China's military tailed a U.S. warship as it passed through the sensitive Taiwan Strait on Saturday, the Chinese military said, denouncing such missions as sending "flirtatious glances" to supporters of Taiwan independence. China, which claims democratically-run Taiwan as its own territory, has been angered by stepped-up U.S. support for the island, including arms sales and sailing warships through the Taiwan Strait, further souring Beijing-Washington relations. The U.S. Navy said the guided missile destroyer USS Mustin had conducted "a routine Taiwan Strait transit (on) Dec. 19 in accordance with international law".
1d ago 
Business InsiderTrump's chief of staff Mark Meadows attempted to hide his COVID-19 diagnosis and the White House outbreak
White House chief of staff, Mark Meadows, threatened to fire doctors if they disclosed any information to the public, reported the Washington Post.
5h ago
Associated PressMexico leader, U.S. president-elect discuss migration
Mexican President Andrés Manuel López Obrador said he spoke with U.S. President-elect Joe Biden by phone Saturday, five days after he sent a tardy and somewhat chilly letter of congratulations to Biden. "We reaffirmed our commitment to work together for the good of our peoples and our countries,” López Obrador wrote in his social media accounts. Biden's transition team said the two discussed migration, apparently with a focus on a theme that López Obrador has championed: developing jobs and opportunities so that people won't have to migrate.
17h ago
The TelegraphDonald Trump tells Boris Johnson 'cure can't be worse than problem itself' after tier 4 rules announced
Donald Trump has rejected following the UK's example and introducing a sweeping lockdown to slow the spread of the coronavirus. The US president retweeted the BBC's report on the fresh curbs being introduced in the UK, before ruling out his administration doing likewise. "We don’t want to have lockdowns. The cure cannot be worse than the problem itself!" he tweeted. Mr Trump's reluctance to implement a similar lockdown came as the number of cases in the US topped 17.5 million, with more than 314,000 people having died. Britain's new restrictions, which saw London and the South East plunged into a new stricter tier 4 were introduced amid evidence that the virus had mutated into a faster-spreading form of the disease.
22h ago
INSIDERBoston police are investigating after an officer was caught on body cam footage talking about hitting protesters with a car
"I'm f---ing hitting people with the car," the officer says, before backtracking after another officer appears to inform him that the camera is on.
15h ago
ReutersBritain digs heels in as deadline looms on post-Brexit trade talks
Britain reiterated on Saturday that it would prefer to leave the European Union with no trade deal rather than compromise its independence while there was no word from Brussels on whether progress had been made after a crucial day of talks. With less than two weeks before Britain leaves the EU's orbit, both sides are calling on the other to move to achieve a breakthrough and safeguard almost a trillion dollars worth of trade from tariffs and quotas. "Unfortunately, the EU are still struggling to get the flexibility needed from member states and are continuing to make demands that are incompatible with our independence."
1d ago
Associated PressIsrael begins virus inoculation drive as infections surge
Israel on Sunday began its coronavirus inoculation drive, aiming to vaccinate some 60,000 people a day in a bid to stamp out the illness that is once again surging among its population. The country will first immunize health workers, followed by the elderly, high-risk Israelis and those over 60 years old. Israel says it has secured sufficient doses for much of the country's 9 million people from both Pfizer and Moderna, whose vaccine U.S. authorities approved this week for emergency use.
12h ago
The TelegraphDonald Trump 'asked Michael Flynn about using the military to overturn the election'
Donald Trump discussed the possibility of imposing martial law to overturn the election with Michael Flynn, his former national security adviser, it was reported in the US. According to the New York Times, the president asked Mr Flynn to expand on the idea at a White House meeting on Friday. The meeting was the latest surreal twist in Mr Trump's relentless - and up to now unsuccessful - attempt to reverse his crushing defeat by Joe Biden. Reports of the meeting were dismissed as "fake news" and "bad reporting" by Mr Trump on Twitter. Still refusing to accept that he lost, Mr Trump has called for a massive rally in Washington DC on Jan 6, the day when both houses of Congress meet to formally confirm Joe Biden's election. 'Statistically impossible to have lost the 2020 election, he tweeted on Saturday. 'Big protest in D.C. on January 6th. Be there, will be wild!' Mr Flynn, who was pardoned by Mr Trump after pleading guilty to lying to the FBI during its investigation into Russian election interference in 2016, has emerged as one of the most outspoken supporters of the claim that Mr Biden's victory was "rigged". Undeterred by court after court rejecting legal bids to overturn Mr Trump's defeat and the Electoral College confirming Mr Biden's victory, Mr Flynn proposed more drastic measures on the conservative political website, Newsmax.
20h ago
NBC NewsCovid live updates: Latest on rising cases and the Covid-19 stimulus package
Although the legislation has not been released yet, the deal is expected to include direct payments of $600 for qualifying Americans.
7h ago
The WeekScientists aren't concerned about new coronavirus variant eluding current vaccines
The identification of a potentially more transmissible coronavirus variant, primarily in the United Kingdom, has scientists and government officials, alike, sounding the alarm. The U.K. has tightened lockdown measures, and several continental European countries are halting flights to Great Britain. There's no evidence the variant affects the severity of COVID-19 infections, but increased infectiousness would make curbing the spread even harder, which is why certain areas of the U.K. may face restrictions until there's widespread vaccine availability. But could mutations like the one in the U.K. render those vaccines ineffective?The consensus answer is reassuring for the time being. Daniel Altman, a professor of immunology at Imperial College London, told The Finanical Times the new variant should actually strengthen the case "for all to get vaccinated as soon as possible," explaining that the mutations won't be able to fool the neutralizing antibodies produced by the shot. Francois Balloux, director of the University College London Genetics Institute concurred, saying "it's not a strain that should be able to escape protection provided by immunization from the current vaccines or prior infection."That said, Trevor Bedford, a virologist who has kept a close watch on the virus throughout the pandemic, does think there should eventually be a process in place to update the vaccines so they can keep up with more significant mutations, much like the flu vaccine. He is not, however, worried about that affecting the 2021 vaccine roll out, while also clarifying that potential future drops in vaccine will likely be "modest." Read more at The Financial Times and check out Bedford's Twitter thread below. > With COVID19 vaccine efficacy of ~95%, I'm looking forward to vaccine distribution in 2021 bringing the pandemic under control. However, I'm concerned that we'll see antigenic drift of SARS-CoV-2 and may need to update the strain used in the vaccine with some regularity. 1/18> > -- Trevor Bedford (@trvrb) December 19, 2020More stories from theweek.com 7 feel-good cartoons about the COVID vaccine breakthrough 5 insanely funny cartoons about Trump's election-fraud failure Trump's ultimate self-own
3h ago
Recommend
-
7
Tuesday, 15 December 2020 12:05 Ex-NSA hacker slams SolarWinds over wording of SEC breach filing Featured By ...
-
6
ADVANCED PERSISTENT THREAT — SolarWinds hackers have a clever way to bypass multi-factor authentication Hackers who hit SolarWinds compromised a think tank three separate times....
-
10
Lessons Learned from the SolarWinds Breach January 5, 2021 Flexera @fle...
-
10
Application Security SolarWinds Orion Security Breach: A Shift In The Software Supply Chain Paradigm
-
5
Web Security ...
-
8
FRIDAY NIGHT TRASH — SolarWinds hackers breach new victims, including a Microsoft support agent Discovery came as Microsoft was investigating new breaches by the same hacker group....
-
4
Cash App had a security breach last year that affected some U.S. customers Cash App is one of the most popular services for sending money over the internet, esp...
-
7
80% of organizations experienced a cloud security breach last year
-
7
Two hackers charged with last year’s DEA portal breach / Sagar Steven Singh and Nicholas Ceraolo, who are said to belong to the cybercrime group ‘Vile,’ allegedly used the information from a federal database to extort...
-
4
2020 SolarWinds Breach: Execs Face Potential SEC Legal ActionThe Securities and Exchange Commission may pursue civil enforcement action against SolarWinds’ chief information security officer and chief financial officer. ...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK