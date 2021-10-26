SEA ISLAND, Georgia – Russia’s leading intelligence agency has launched a new campaign to infiltrate thousands of computer networks belonging to the US government, companies, research institutes and think tanks, Microsoft security executives and cybersecurity experts warned on Sunday, a few months after President Joe Biden imposed sanctions on the Russian government in response to a series of sophisticated espionage operations that Moscow carried out around the world.

The new effort is “huge and ongoing,” Tom Burt, one of Microsoft’s top security executives, said in an interview. Government officials confirmed that the operation, apparently aimed at harvesting data stored in the cloud, appears to be the work of the Foreign Intelligence Service (SVR), the Russian intelligence agency that was the first to break into the networks of the Democratic National Committee during the 2016 election.

Although Microsoft insisted that only a small percentage of the intrusions succeeded, it did not provide enough information to gauge the severity of the data theft.

Earlier this year the White House blamed the SVR for the hacking operation that became known as SolarWinds, a highly sophisticated campaign that tampered with network management software used by US government agencies and the country’s biggest companies, pushing a tainted update to some 18,000 customers and giving the Russians broad access to the networks they chose to pursue. Biden said the attack undermined confidence in basic government systems and promised retaliation for both the intrusion and the election interference. But when he announced sanctions against Russian financial institutions and technology companies in April, Biden stopped short of the harshest penalties.

“It was clear to me that, in relation to President Putin, we could have gone further, but I chose not to do that,” Biden said at the time, after denouncing the Russian leader. “Now is a time to ease the tension.”

US officials insist that the kind of attack Microsoft reported falls into the same category of espionage that the great powers have traditionally carried out against one another. Still, the operation suggests that even as the two governments say they are meeting frequently to combat ransomware and other afflictions of the Internet age, attacks on computer networks remain an accelerating arms race, one that has intensified as countries steal from each other ever more data on Covid-19 vaccines and a myriad of industrial and government secrets.

“Spies will spy,” John Hultquist, vice president for intelligence analysis at Mandiant, the company that first detected the SolarWinds attack, said on Sunday at the Cipher Brief Threat Conference on Sea Island, where many cyber experts and intelligence officials had gathered. “But what we learned from that was that SVR, which is very good at what it does, isn’t slowing down.”

It is unclear how successful the latest espionage effort has been. Microsoft recently said it had notified more than 600 organizations that they had been targeted by roughly 23,000 intrusion attempts on their systems. By comparison, the company said it had detected only about 20,500 targeted attacks from “all other state actors” over the past three years. Microsoft said a small percentage of the most recent attempts succeeded, but gave no details and did not say how many organizations were compromised.

US officials confirmed that the operation, which they regard as routine espionage, is under way. But they insisted that to the extent it succeeded, the blame lay far more with Microsoft and similar cloud service providers.

A senior government official called the recent attacks “unsophisticated, unsurprising operations that could have been avoided if cloud service providers had implemented basic cybersecurity practices.”

“We’ve managed to do a lot,” said the official, “but the responsibility for implementing simple cybersecurity practices to lock your digital doors – and therefore ours – rests with the private sector.”

Government officials have been pushing to store more data in the cloud because information is generally easier to protect there. (Amazon holds the contract to store CIA data in the cloud. During the Trump administration, Microsoft won a massive bid to move Pentagon data to the cloud, although the Biden administration recently cancelled the program because of a long-running legal dispute over how the contract was awarded.)

Experts describe the latest Russian attack, however, as a warning that moving data to the cloud is no cure-all, especially if the firms that look after that data in the cloud do not apply adequate security measures.

Microsoft said the attack targeted its “resellers,” firms that customize cloud services for businesses or academic institutions. The Russians’ calculation, apparently, was that a reseller holds privileged access to its customers’ environments, so breaking into one would open a path to the data the hackers were after, such as the e-mails of government officials, defense technologies or vaccine research.

The Russian intelligence agency was “trying to replicate an approach it has used in attacks in the past, of targeting organizations that are part of the global information technology supply chain,” Burt said.

This supply chain has become a principal target of Moscow’s hackers, and, increasingly, Chinese hackers are trying to replicate the Russians’ most successful techniques.

In last year’s SolarWinds case, the attack on this supply chain saw Russian hackers subtly alter the code of network management software used by companies and US government agencies, covertly inserting malicious code that was then distributed to some 18,000 customers as a routine update.

Once customers installed the new version, much as tens of millions of people update their iPhones every few weeks, the Russians had a way into those networks.

In the most recent campaign, the SVR, known for its stealth in cyberspace, relied on cruder, brute-force-style techniques. As described by Microsoft, the operation began with automated attacks that ran a huge database of stolen passwords against accounts (the approach known as password spraying or credential stuffing), in an effort to give Russian government hackers access to Microsoft’s cloud services. It is a noisier and less efficient way of working, and it succeeds only against resellers that have not applied the security practices, including multifactor authentication, that Microsoft required of them last year.
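The tactic the paragraph above describes has a recognizable signature in sign-in logs: one source tries a few passwords against many different accounts, failing on most and occasionally succeeding, whereas a legitimate user who mistypes a password fails repeatedly on a single account. The following detector is an added example written for this page, not Microsoft's code or anything from the original article; the log lines and the field layout (timestamp, user, source IP, result) are constructed for illustration and are not a real product's export format.

```python
"""Password-spray detection over sign-in logs.

Added example, not part of the original article and not Microsoft's code.
The sample log and its whitespace-separated fields (ts, user, src_ip,
result) are constructed for illustration; a real cloud sign-in log has a
different schema and many more fields.
"""
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample: 203.0.113.7 tries one password against ten accounts
# in under twenty seconds and gets into one of them (a spray followed by a
# success). 198.51.100.9 is one user mistyping her own password three
# times before getting it right, which a spray detector must not flag.
SAMPLE_LOG = """\
2021-10-24T03:00:01Z alice@example.test 203.0.113.7 failure
2021-10-24T03:00:03Z bob@example.test 203.0.113.7 failure
2021-10-24T03:00:05Z carol@example.test 203.0.113.7 failure
2021-10-24T03:00:07Z dave@example.test 203.0.113.7 failure
2021-10-24T03:00:09Z erin@example.test 203.0.113.7 failure
2021-10-24T03:00:11Z frank@example.test 203.0.113.7 failure
2021-10-24T03:00:13Z grace@example.test 203.0.113.7 failure
2021-10-24T03:00:15Z heidi@example.test 203.0.113.7 failure
2021-10-24T03:00:17Z ivan@example.test 203.0.113.7 failure
2021-10-24T03:00:19Z judy@example.test 203.0.113.7 success
2021-10-24T03:05:00Z mallory@example.test 198.51.100.9 failure
2021-10-24T03:05:10Z mallory@example.test 198.51.100.9 failure
2021-10-24T03:05:20Z mallory@example.test 198.51.100.9 failure
2021-10-24T03:05:30Z mallory@example.test 198.51.100.9 success
"""


def parse_log(text):
    """Turn the constructed log text into a time-sorted list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src_ip, result = line.split()
        events.append({
            # "Z" suffix is normalised so fromisoformat() accepts it on 3.7+
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "user": user.lower(),
            "src_ip": src_ip,
            "result": result,
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_password_spray(events, window_seconds=300, min_users=5):
    """Flag sources whose failed sign-ins hit >= min_users distinct accounts
    inside a sliding window, and any success from such a source afterwards.

    Returns alerts in the order they were raised. The spray alert dict is
    kept up to date as the spray grows, so distinct_users and last_seen
    reflect the whole burst, not just the moment the threshold was crossed.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)

    alerts = []
    for src_ip, evs in by_ip.items():
        recent_failures = deque()   # failures inside the current window
        spray = None                # the open spray alert for this source
        for e in evs:
            # Age out failures older than the window, measured from this event.
            while recent_failures and \
                    (e["ts"] - recent_failures[0]["ts"]).total_seconds() > window_seconds:
                recent_failures.popleft()
            if e["result"] == "failure":
                recent_failures.append(e)

            distinct = {f["user"] for f in recent_failures}
            if spray is None and len(distinct) >= min_users:
                spray = {
                    "type": "password_spray",
                    "src_ip": src_ip,
                    "distinct_users": len(distinct),
                    "first_seen": recent_failures[0]["ts"],
                    "last_seen": e["ts"],
                }
                alerts.append(spray)
            elif spray is not None:
                spray["distinct_users"] = max(spray["distinct_users"], len(distinct))
                spray["last_seen"] = e["ts"]

            # A success from a source already seen spraying is the alert that
            # matters most: it marks the account that is probably compromised.
            if e["result"] == "success" and spray is not None:
                alerts.append({
                    "type": "spray_then_success",
                    "src_ip": src_ip,
                    "user": e["user"],
                    "ts": e["ts"],
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_password_spray(parse_log(SAMPLE_LOG)):
        print(alert)
```

Grouping by source IP is the simplest cut; a real spray is usually spread over many addresses to stay under exactly this kind of threshold, so in practice the same logic is also run grouped by user agent, autonomous system or application ID, and the threshold is tuned against the tenant's normal failure rate.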

Microsoft said in a blog post scheduled for publication on Monday that it would do more to enforce the contractual obligations of its resellers, in order to get those firms to adopt security measures.

“The Russians are looking for systemic access,” said Christopher Krebs, who ran the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency until President Donald Trump fired him last year for stating that the 2020 election had been secure and free of significant fraud. “They don’t want to have to try to hack accounts one by one.”

Federal officials say they are aggressively using the new authorities granted to them to protect the country from cyber threats, pointing in particular to a broad, renewed international effort to crack down on ransomware gangs, many of which are based in Russia. With a new and much larger team of senior officials overseeing the government’s cyber operations, Biden has been trying to mandate security changes designed to make attacks like the latest one considerably harder.

In response to SolarWinds, the White House announced a series of deadlines for government agencies and for every service provider working for the federal government to adopt new security practices that would make them harder targets for Russian, Chinese, Iranian and North Korean hackers. These practices include basic steps such as multifactor authentication, a second check on who is signing in to an account, similar to the way banks and credit card companies send codes to cell phones or other devices so that a stolen password alone is not enough.

But adoption of the new standards, although improving, remains spotty. Companies often resist government mandates or argue that no single type of regulation can meet the challenge of securing so many different kinds of computer networks. A government effort to require companies to report breaches of their systems to the government within 24 hours, under penalty of fines for non-compliance, faces intense opposition from corporate lobbyists. / TRANSLATION BY GUILHERME RUSSO