Skip to content
View in the app

A better way to browse. Learn more.

Thailand News and Discussion Forum | ASEANNOW

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Suspected Russian hacking spree used another major tech supplier -sources

Featured Replies

Suspected Russian hacking spree used another major tech supplier -sources

By Joseph Menn

 

2020-12-17T193402Z_2_LYNXMPEGBG1RA_RTROPTP_4_GLOBAL-CYBER-SOLARWINDS.JPG

FILE PHOTO: SolarWinds Corp banner hangs at the New York Stock Exchange (NYSE) on the IPO day of the company in New York, U.S., October 19, 2018. REUTERS/Brendan McDermid/File Photo

 

SAN FRANCISCO (Reuters) -The massive hacking campaign disclosed by U.S. officials this week and tentatively attributed to the Russian government extended beyond users of pervasive network software made by SolarWinds that had been compromised.

 

Another major technology supplier was also compromised by the same attack team and used to get into high-value final targets, according to two people briefed on the matter.

 

The FBI and other agencies have scheduled a classified briefing for members of Congress Friday.

 

The U.S. Energy Department also said they have evidence hackers gained access to their networks as part of a massive cyber campaign. Politico had earlier reported the National Nuclear Security Administration, which manages the country's nuclear weapons stockpile, was targeted.

 

An Energy Department spokeswoman said malware "has been isolated to business networks only" and had not impacted U.S. national security, including the NNSA.

 

The Department of Homeland Security said in a bulletin on Thursday the spies had used other techniques besides corrupting updates of network management software by SolarWinds, which is used by hundreds of thousands of companies and government agencies.

 

"The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged," said DHS's Cybersecurity and Infrastructure Security Agency, referring to "advanced persistent threat" adversaries.

 

CISA urged investigators not to assume their organizations were safe if they did not use recent versions of the SolarWinds software, while also pointing out that the hackers did not exploit every network they did gain access too.

 

CISA said it was continuing to analyze the other avenues used by the attackers. So far, the hackers are known to have at least monitored email or other data within the U.S. departments of Defense, State, Treasury, Homeland Security and Commerce.

 

As many as 18,000 Orion customers downloaded the updates that contained a back door. Since the campaign was discovered, software companies have cut off communication from those back doors to the computers maintained by the hackers.

 

But the attackers might have installed additional ways of maintaining access in what some have called the biggest hack in a decade.

 

For that reason, officials said that security teams should communicate through special channels to ensure that their own detection and remediation efforts are not being monitored.

 

The Department of Justice, FBI and Defense Department, among others, have moved routine communication onto classified networks that are believed not to have been breached, according to two people briefed on the measures. They are assuming that the nonclassified networks have been accessed.

 

CISA and private companies including FireEye, which was the first to discover and reveal it had been hacked, have released a series of clues for organizations to look for to see if they have been hit.

 

But the attackers are very careful and have deleted logs, or electronic footprints or which files they have accessed. That makes it hard to know what has been taken.

 

Some major companies have issued carefully worded statements saying that they have "no evidence" that they were penetrated, but in some cases that may only be because the evidence was removed.

 

In most networks, the attackers would also have been able to create false data, but so far it appears they were interested only in obtaining real data, people tracking the probes said.

 

Meanwhile, members of Congress are demanding more information about what may have been taken and how, along with who was behind it. The House Homeland Security Committee and Oversight Committee announced an investigation Thursday, while senators pressed to learn whether individual tax information was obtained.

 

In a statement, President-elect Joe Biden said he would "elevate cybersecurity as an imperative across the government" and "disrupt and deter our adversaries" from undertaking such major hacks.

 

(Reporting by Joseph Menn and Chris Bing; Editing by Lisa Shumaker)

 

reuters_logo.jpg

-- © Copyright Reuters 2020-12-18
 
  • Replies 42
  • Views 2.3k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • I guess the Russians needed to develop new sources now that Trump is on the way out.

  • It’s a big deal damage is still being assessed lots went wrong on trumps watch what a disaster on every level and in every way a true fubar 

  • The Russians have been penetrating US security since March undetected. That's the cyber equivalent of a Russian bomber flying freely above US skies. Trump's response...zero. US records more

Posted Images

  • Popular Post

I guess the Russians needed to develop new sources now that Trump is on the way out.

  • Popular Post

It’s a big deal damage is still being assessed lots went wrong on trumps watch what a disaster on every level and in every way a true fubar 

  • Popular Post

Silence from the WH.

 

But then what should we expect from Trump who stood before the world’s press and openly backed Putin over the US intelligence and security services.

 

Don’t be at all surprised that if he does address this he backs Russia.

  • Popular Post

This was Putin's message to Trump that he has outlived his usefullness. Wondering when the compromising info will be released.

Off-topic, troll post and replies removed.  Stay on topic, please.

 

  • Popular Post

Trump remains silent as massive cyber hack poses 'grave risk' to government

 

"It's unclear when, if at all, Trump may have been briefed on the latest hack, nor is it clear how engaged Trump has been in responding. He has left all public responses to members of his Cabinet and administration. And despite a healthy pace of tweets about the election results and his false claims of voter fraud, he has not issued any message about the hack.

:bah:

One thing I noticed about Russians is that a lot of them are highly educated. Go to your strengths. The US dumb down culture may yet be their undoing. Im not even thinking of China and India. 

  • Popular Post
11 minutes ago, nausea said:

One thing I noticed about Russians is that a lot of them are highly educated. Go to your strengths. The US dumb down culture may yet be their undoing. Im not even thinking of China and India. 

 

I worked it the IT industry for a number of years. US R&D and IP is outstanding, I do believe your critique is unfair. We don't know the level of penetration by US and other Western security agencies into Russian and other hostile countries infrastructure and agencies, but I suggest, if circumstances warranted, they would achieve their objectives.

9 minutes ago, simple1 said:

 

I worked it the IT industry for a number of years. US R&D and IP is outstanding, I do believe your critique is unfair. We don't know the level of penetration by US and other Western security agencies into Russian and other hostile countries infrastructure and agencies, but I suggest, if circumstances warranted, they would achieve their objectives.

Fair enough, I'm a layman. 

  • Popular Post

The Russians have been penetrating US security since March undetected. That's the cyber equivalent of a Russian bomber flying freely above US skies.
Trump's response...zero.


US records more covid deaths in a single day than the 911 terrorist attack.
Trump's response...zilch.

 

He's too busy peddling fake conspiracy theories about election fraud to help him fight for a job that he is clearly not doing.

 

Good riddance,Trump..the worst president in US history!

  • Popular Post

seems.....convenient.

 

evil mastermind putin goes on a massive hacking spree just as a new administration is preparing to be installed in washington, just in time to poison the prospects for improved relations.

 

and.....conveniently....employs a software provider associated with dominion voting machines, effectively breathing new life into the ever-debunked claims of massive hugo chavezian vote-rigging.

 

 

O  o o o What do I feel pity with the US. LOL

15 hours ago, webfact said:

tentatively attributed to the Russian government

Amazing article.  The Russians are blamed in the headline and yet there is no evidence and they only get mentioned using 5 words in a two page article??  

29 minutes ago, ThaiFelix said:

Amazing article.  The Russians are blamed in the headline and yet there is no evidence and they only get mentioned using 5 words in a two page article??  

Its not much of an article. They are keeping China up their sleeves until the Xinjiang story runs out of puff.

the hack has been going for years, possibly decades

 

even the Pentagon is compromised,

14 hours ago, dexterm said:

The Russians have been penetrating US security since March undetected. That's the cyber equivalent of a Russian bomber flying freely above US skies.
Trump's response...zero.


US records more covid deaths in a single day than the 911 terrorist attack.
Trump's response...zilch.

 

He's too busy peddling fake conspiracy theories about election fraud to help him fight for a job that he is clearly not doing.

 

Good riddance,Trump..the worst president in US history!

Sir you are far to kind!still no statement from trump on this grevious threat to our national security guess he’s to busy grifting the ...........his..........errr......(base).......

  • Popular Post
9 hours ago, ThaiFelix said:

Amazing article.  The Russians are blamed in the headline and yet there is no evidence and they only get mentioned using 5 words in a two page article??  

From other articles, it's been said this hack has the same characteristics of other Russian hacks.  Seems they are quite sure it was Russia.  Just not publicly announcing it yet.  Probably because Trump's busy out playing golf.

 

https://www.nytimes.com/2020/12/17/us/politics/russia-cyber-hack-trump.html?action=click&module=Well&pgtype=Homepage&section=Technology

Quote

Officials have yet to publicly name the attacker responsible, but intelligence agencies have told Congress that they believe it was carried out by the S.V.R., an elite Russian intelligence agency. A Microsoft “heat map” of infections shows that the vast majority — 80 percent — are in the United States, while Russia shows no infections at all.

 

5 minutes ago, stevenl said:

Trump is pointing at china while pompeo is accusing russia. At the same time Trump is also saying the voting machines may have been hacked by china.

 

https://m.dw.com/en/trump-downplays-massive-us-cyberattack-points-to-china/a-55996519?maca=en-rss-en-world-4025-rdf

Lol! Every time Russia is accused orsuspevted, Trump tries to divert attention to another country: Ukraine, China, etc...

36 minutes ago, stevenl said:

Trump is pointing at china while pompeo is accusing russia. At the same time Trump is also saying the voting machines may have been hacked by china.

 

https://m.dw.com/en/trump-downplays-massive-us-cyberattack-points-to-china/a-55996519?maca=en-rss-en-world-4025-rdf

I mean why not, everything is possible in the cyberworld

  • Popular Post
22 minutes ago, GrandPapillon said:

I mean why not, everything is possible in the cyberworld

All US intelligence agencies are pointing at russia, seems the signature was pretty clear.

There was no hacking in the elections.

 

Just the usual Trump falsehoods, again swallowed by his followers.

1 minute ago, stevenl said:

All US intelligence agencies are pointing at russia, seems the signature was pretty clear.

There was no hacking in the elections.

 

Just the usual Trump falsehoods, again swallowed by his followers.

US intelligence have been wrong before, ie. Iraq WMD ????

  • Popular Post
37 minutes ago, GrandPapillon said:

US intelligence have been wrong before, ie. Iraq WMD ????

It has been wrong on order! Dick Cheney has been initially quite angry at the CIA because they failed to provide him with the intelligence he expected. Eventually, the CIA complied.

  • Popular Post

trump has downplayed / deflected Russian involvement with the latest round of hacking, again contrary to advise from US intelligence and SecDef. It will be interesting to understand what motivates trump to contradict his own people - wonder if the facts will ever reach the light of day...

 

https://www.msnbc.com/weekends-with-alex-witt/watch/trump-tweet-downplays-russia-hack-implicates-china-98074181766

  • Popular Post
3 hours ago, GrandPapillon said:

US intelligence have been wrong before, ie. Iraq WMD ????

Has trump ever been right?

 

On what basis do you think trump is correct ans intelligence agencies are wrong. Did putin tell him?

3 hours ago, GrandPapillon said:

US intelligence have been wrong before, ie. Iraq WMD ????

But they are not wrong this time.  Admit it.

On 12/18/2020 at 7:26 AM, Chomper Higgot said:

Silence from the WH.

 

But then what should we expect from Trump who stood before the world’s press and openly backed Putin over the US intelligence and security services.

 

Don’t be at all surprised that if he does address this he backs Russia.

Well I called that right didn’t I:

 

https://www.forbes.com/sites/tommybeer/2020/12/19/trump-still-wont-criticize-russia-claims-massive-cyber-hack-may-be-china-but-offers-no-evidence/?sh=11b915d2708a

 

Now fir for my next call:

 

Silence from Trump’s supporters and if they do have anything to say they’ll blame China.

4 hours ago, GrandPapillon said:

US intelligence have been wrong before, ie. Iraq WMD ????

The mistake the CIA made was following orders to overstate evidence to match the objectives of the Bush administration plan to invade Iraq.

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.