U.S. claims Russia stole sensitive defense information.
On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that Russian state-sponsored hackers had gained “significant insight into U.S. weapons platforms’ development and deployment dates, along with vehicle specifications and plans for the communications infrastructure as well as information technology.”
The intruders also took confidential and classified emails and documents, as well as information on proprietary, export-controlled technology.
CISA’s announcement says:
“From at least January 2020 through February 2022, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) have observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors.”
According to reports, 150,000 Russian troops are massed near Ukraine’s borders, and American officials believe an invasion is imminent.
Russia, however, denies any intention to invade, and world leaders are working to resolve the crisis through diplomatic means.
The hackers reportedly did not need novel techniques to gain access to the networks of U.S. defense contractors.
According to CISA, the Kremlin-backed attackers relied on well-established techniques such as spearphishing, credential harvesting, and password cracking.
Microsoft 365 (M365) was the hackers’ main target; they attempted to compromise its productivity apps and the cloud services that accompany them.
The prize for the intruders appears to have been M365 credentials, which they used to remain hidden inside defense contractors’ environments for long periods; the intrusions often went undetected.
“In one instance, the actors utilized authentic credentials from the global admin account of the M365 tenant to access the administration portal and alter permissions on an existing enterprise app to grant read access to all SharePoint pages within the environment, along with tenant-specific user profiles and email mailboxes.”
The following month, the hackers launched a string of attacks exploiting CVE-2018-13379, a flaw in Fortinet’s FortiGate SSL VPN that was disclosed in May 2019.
CISA also issued guidance for preventing attacks of this kind.
Any organization with evidence of compromise must assume a complete identity breach and initiate a full identity reset.
The most basic measures are running antivirus software, using strong passwords, and enabling multi-factor authentication. Implementing the principle of least privilege is also recommended.
CISA also recommends a thorough review of trust relationships, including those with cloud service providers.