Microsoft has warned that the Russian group responsible for the SolarWinds hack is targeting the government. This comes in the wake of the United States and Britain accusing the Russian spy chief of coordinating the attack.
The SolarWinds hack has been among the most damaging cyberespionage events in the world. The attackers are reported to be using the same methods to break into USAID’s email marketing account. The earlier operation gave the hackers access to email accounts in the Treasury, Justice, and Commerce departments. Experts estimate that it will take up to several months to identify the full extent of the compromise of the affected systems.
The Hack Explained
Nobelium, the Russian outfit responsible for the hack, is directing its efforts toward gathering intelligence on foreign policy. The active campaign targeted 24 countries across a total of 150 organizations. The hackers gained access to an email account that USAID runs on Constant Contact. The methods included spear-phishing with legitimate-looking emails. Recipients who clicked a link in the email had a malicious file delivered to their system, and the resulting compromise enabled the hackers to steal data from all infected computers.
The campaign is thought to have started in January this year. Microsoft reports that this campaign was different from the one used to target SolarWinds. The next stage of the campaign is expected to include compromising systems through an HTML file attached to emails. This makes government and government-adjacent networks increasingly susceptible to cyberattacks.
Microsoft’s warning of this attack comes barely three weeks before President Biden meets Putin in Geneva. Experts predict that the meeting will feature a discussion on international information security; in particular, both sides are expected to aim for an agreement on international cybersecurity cooperation.
Why Nobelium Could Be Targeting the Government
Nobelium’s efforts seem to be directed at government organizations involved in humanitarian and human rights work. The relatively long hiatus is thought to serve a range of political objectives. Their success depends on the use of files with low static detection rates, which slip past signature-based scanning.
Notably, former NSA contractor Edward Snowden is responsible for a document leak suggesting that the United States could also be culpable. Specifically, those documents show that the methods used in the hack are similar to those the two countries have used to launch targeted cyberattacks in the past.
The involvement of Nobelium is an evolution from a decade ago, when other governments spearheaded most government-sponsored attacks. The group seeks to take advantage of any underlying weaknesses in the government’s security entities. The infiltration and tampering are seen as an effort to gain information that can be repurposed by criminals. Finally, there is consensus that these data-collection efforts aim to sow widespread skepticism about the intentions of the United States in its foreign policy.
How the Government Hopes to Avert the Attack
Notably, Microsoft did not offer evidence as to whether the attack had been successful. The spear-phishing, however, reflects the group’s evolving modus operandi. USAID’s account had been compromised and used to send out emails, some of which prompted the alert. This is seen as one target that could turn into extended, surgical hacking and exploitation.
If the government is to avert an attack that Microsoft describes as a continuation of multiple efforts, government agencies need a sophisticated response mechanism. This is especially true since the hackers seem to be targeting the trusted technology providers the government relies on.
A suitable response mechanism should include:
Pursuing a Security Audit
As explained, the extent of the hack is yet to be quantified. A security audit should be undertaken promptly to evaluate the networks on which the government runs its systems, in response to the state’s lack of basic cybersecurity measures. The audit should be a continuous process, especially as the threat evolves.
Focus on Data
The hacker group’s efforts target data. The response should therefore focus on recognizing any compromise of the data stores. The efforts should also cover identity and threat management and securing the endpoints.
Classification of Important Data
The government needs to classify its data and determine who is given access to each class. A one-size-fits-all approach, however, will not protect the data.
Developing a Security Policy
A security plan needs to be in place for the protection of data. The policy should address prevention, detection, and response to attacks on government systems. Stakeholders need to work together to develop the policy in order to prevent hacks from organized groups like Nobelium.
Please contact Project Hosts for information on FedRAMP and your security plan.