News Focus

BOREALIS

12/20/20 6:46 PM

#360893 RE: BOREALIS #360890

Who is really in control??




fuagf

12/20/20 7:29 PM

#360895 RE: BOREALIS #360890

Microsoft president sounds alarm on ‘ongoing’ SolarWinds hack, identifies 40 more precise targets

"Intelligence failure
Russian hackers went undetected by U.S. cybersecurity defenses for months

[...]
Washington – Over the past few years, the U.S. government has spent tens of billions of dollars on cyberoffensive abilities, building a giant war room at Fort Meade, Md., for U.S. Cyber Command, while installing defensive sensors all around the country — a system named Einstein to give it an air of genius — to deter the nation's enemies from picking its networks clean, again
[...]
The intrusion, said the person briefed on the matter, shows that the weak point for the American government computer networks remains administrative systems, particularly ones that have a number of private companies working under contract. The Russian spies found that by gaining access to these peripheral systems, they could make their way into more central parts of the government networks.
"

So it appears that in saying privatize/outsource, Washington has inadvertently also been saying, Welcome hackers. Just as
Trump opened the door to the coronavirus, with Trump at the helm this massive intelligence breach likely was made easier.


‘This is not ‘espionage as usual,’ even in the digital age.’

By Jay Peters (@jaypeters) Dec 17, 2020, 9:06pm EST


Illustration by Alex Castro / The Verge

Microsoft president Brad Smith warned that the wide-ranging hack .. https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/ .. of the SolarWinds’ Orion IT software is “ongoing,” and that investigations reveal “an attack that is remarkable for its scope, sophistication and impact.” The breach targeted .. https://www.theverge.com/2020/12/13/22173035/hackers-russia-breached-us-government-agencies-email-cozy-bear .. several US government agencies and is believed to have been carried out by Russian nation-state hackers.

Smith characterized the hack as “a moment of reckoning” and laid out in no uncertain terms just how large and how dangerous Microsoft believes the hack to be. It “represents an act of recklessness that created a serious technological vulnerability for the United States and the world,” Smith argues.

He believes that it “is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency.” Though the post stops short of explicitly accusing Russia, the implication is very clear. “The weeks ahead will provide mounting and we believe indisputable evidence about the source of these recent attacks,” according to Smith.

To illustrate just how far-reaching the hack was, Smith included a map that used telemetry taken from Microsoft’s Defender Anti-Virus software to show people who had installed versions of the Orion software that contained malware from the hackers.


A map showing customers affected by the malware in SolarWinds’ Orion. Image: Microsoft

Microsoft has also been working this week to notify “more than 40 customers that the attackers targeted more precisely and compromised through additional and sophisticated measures,” according to Smith. Approximately 80 percent of those customers are located in the US, but Microsoft also identified victims in Canada, Mexico, Belgium, Spain, the UK, Israel, and the UAE. “It’s certain that the number and location of victims will keep growing,” Smith said.

Investigations into the hack are ongoing. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) issued a joint statement on Wednesday .. https://www.dni.gov/index.php/newsroom/press-releases/item/2175-joint-statement-by-the-federal-bureau-of-investigation-fbi-the-cybersecurity-and-infrastructure-security-agency-cisa-and-the-office-of-the-director-of-national-intelligence-odni .. to say that they were coordinating a “whole-of-government response to this significant cyber incident.” And Smith warned that “we should all be prepared for stories about additional victims in the public sector and other enterprises and organizations.”

Earlier on Thursday, Reuters reported .. https://www.reuters.com/article/us-usa-cyber-breach/suspected-russian-hacking-spree-used-another-major-tech-supplier-sources-idUSKBN28R2ZJ?il=0 .. that Microsoft had been hacked as part of the breach and that “it also had its own products leveraged to further the attacks on others.” But Microsoft denied that claim in a statement to The Verge:

-
Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.
-

Microsoft has been responding to the hack since December 13th .. https://blogs.microsoft.com/on-the-issues/2020/12/13/customers-protect-nation-state-cyberattacks/ .. , including blocking versions of SolarWinds Orion .. https://www.microsoft.com/security/blog/2020/12/15/ensuring-customers-are-protected-from-solorigate/ .. that contained the malware. Microsoft and a coalition of tech companies also seized control of a domain that played a key role in the SolarWinds breach, ZDNet reported .. https://www.zdnet.com/article/microsoft-and-industry-partners-seize-key-domain-used-in-solarwinds-hack/ ..

SolarWinds has also taken the step .. https://www.theverge.com/2020/12/15/22176053/solarwinds-hack-client-list-russia-orion-it-compromised .. of hiding a list of high-profile clients from its website, perhaps to protect them from negative publicity. The list included more than 425 of the companies on the Fortune 500.

As for Microsoft, Smith used his post to call for a more organized, communal response against cyberattacks, both at a government level and amongst private institutions. “We need a more effective national and global strategy to protect against cyberattacks,” he writes. Microsoft is also looking for “stronger steps to hold nation-states accountable for cyberattacks.”

Related

Hackers backed by Russian government reportedly breached US government agencies
https://www.theverge.com/2020/12/13/22173035/hackers-russia-breached-us-government-agencies-email-cozy-bear

SolarWinds hides list of high-profile customers after devastating hack
https://www.theverge.com/2020/12/15/22176053/solarwinds-hack-client-list-russia-orion-it-compromised

https://www.theverge.com/2020/12/17/22188060/microsoft-president-solarwinds-orion-hack-breach-brad-smith

To link

Was it a directive by Putin given to Trump that caused him to respond with this nonsense?
Trump downplays impact of hack, questions whether Russia involved
https://investorshub.advfn.com/boards/read_msg.aspx?message_id=160337678

See also:

A Big Change in NSA Spying Marks a Win for American Privacy
.. one more to help root understanding of the welcome NSA step ..
Andy Greenberg Security 04.28.17. 5:45 pm
[...]
“NSA will no longer collect certain internet communications that merely mention a foreign intelligence target,” reads a statement .. https://www.nsa.gov/news-features/press-room/press-releases/2017/nsa-stops-certain-702-activites.shtml .. from the agency. “Instead, NSA will limit such collection to internet communications that are sent directly to or from a foreign target.
https://investorshub.advfn.com/boards/read_msg.aspx?message_id=130944660

The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say) .. a little more here ..
By James Bamford 03.15.12

Photo: Name Withheld; Digital Manipulation: Jesse Lenz
The spring air in the small, sand-dusted town has a soft haze to it, and clumps of green-gray sagebrush rustle in the breeze. Bluffdale sits in a bowl-shaped valley in the shadow of Utah’s Wasatch Range .. http://en.wikipedia.org/wiki/Wasatch_Range .. to the east and the Oquirrh Mountains .. http://en.wikipedia.org/wiki/Oquirrh_Mountains .. to the west. It’s the heart of Mormon country, where religious pioneers first arrived more than 160 years ago. They came to escape the rest of the world, to understand the mysterious words sent down from their god as revealed on buried golden plates, and to practice what has become known as “the principle,” marriage to multiple wives.
[...]
The NSA’S SPY NETWORK .. another one ..
Once it’s operational, the Utah Data Center will become, in effect, the NSA’s cloud. The center will be fed data collected by the agency’s eavesdropping satellites, overseas listening posts, and secret monitoring rooms in telecom facilities throughout the US. All that data will then be accessible to the NSA’s code breakers, data-miners, China analysts, counterterrorism specialists, and others working at its Fort Meade headquarters and around the world. Here’s how the data center appears to fit into the NSA’s global puzzle.—J.B.
https://investorshub.advfn.com/boards/read_msg.aspx?message_id=89272544



fuagf

06/02/21 11:13 PM

#376034 RE: BOREALIS #360890

Ransomware Disrupts Meat Plants in Latest Attack on Critical U.S. Business

"Intelligence failure
Russian hackers went undetected by U.S. cybersecurity defenses for months
"

All of JBS’s beef plants in the U.S. were shuttered on Tuesday, and many of its pork and poultry plants were affected, according to a union and Facebook posts meant for employees.


A JBS plant in Minnesota. Nine JBS beef plants in the United States were shut down after a cyberattack, a union said. The company’s pork and poultry operations were also affected. Bing Guan/Reuters

By Julie Creswell, Nicole Perlroth and Noam Scheiber

Published June 1, 2021 Updated June 2, 2021, 11:17 a.m. ET

A cyberattack on the world’s largest meat processor forced the shutdown of nine beef plants in the United States on Tuesday, according to union officials, and disrupted production at poultry and pork plants. The attack could upset the nation’s meat markets and raises new questions about the vulnerability of critical American businesses.

The company, JBS, said the majority of its plants would reopen on Wednesday. But even one day’s disruption at JBS could “significantly impact” wholesale beef prices, according to analysts at Daily Livestock Report.

The breach at JBS was a ransomware attack, the White House said — the second recent such attack to freeze up a critical U.S. business operation. Last month, a ransomware attack on Colonial Pipeline, which transports gas to nearly half the East Coast, triggered gas and jet-fuel shortages and panic buying.

JBS, which is based in Brazil and accounts for one-fifth of the daily U.S. cattle harvest, said in a statement late Tuesday that it had made “significant progress resolving the cyberattack.”

“Our systems are coming back online, and we are not sparing any resources to fight this threat,” Andre Nogueira, the chief executive of JBS USA, said in the statement.

The Department of Agriculture said Tuesday that it was working with other producers to help minimize any shortages.

All nine JBS beef plants in the United States were shut down on Tuesday, according to the United Food and Commercial Workers International Union, which represents workers at JBS’s beef, pork and poultry factories. The company’s poultry and pork plants in the United States posted on Facebook that they had canceled shifts or altered production scheduled for Monday or Tuesday, with some of them citing “I.T. issues.”

In addition to the company’s U.S. plants, the shutdowns affected 2,500 workers at a beef plant in Brooks, Alberta, according to Scott Payne, a spokesman for United Food and Commercial Workers Local 401 in Canada. “All shifts were canceled yesterday,” he said on Tuesday. “The morning shift was canceled today. But the afternoon shift has been rescheduled to operate today.”

Even as the plants started to come on line, at least one beef plant delayed the start of production on Wednesday and another altered one of its shifts, according to posts from the plants.

As restaurants and retail customers have started buying beef heading into summer, the wholesale market has been “extremely tight,” the analysts for Daily Livestock Report wrote in a report released on Tuesday. They noted that a small restaurant in southern Utah had started to charge an extra $4 for dishes that contained carne asada.

“Retailers and beef processors are coming from a long weekend and need to catch up with orders and make sure to fill the meat case,” the analysts wrote. “If they suddenly get a call saying that product may not deliver tomorrow or this week, it will create very significant challenges in keeping plants in operation and the retail case stocked up.”

An extended disruption, the analysts warned, “could add gasoline to an already large flame.”

JBS has said that it was the target of an “organized cybersecurity attack .. https://jbsfoodsgroup.com/articles/jbs-usa-cyberattack-media-statement-may-31-most-recent-update .. ” that affected systems in North America and Australia, that its backup servers were not affected and that it did not expect that any customer, supplier or employee data was exposed.

Karine Jean-Pierre, a White House deputy press secretary, told reporters on Air Force One on Tuesday that JBS had told the Biden administration that it was a ransomware attack, and that the ransom demand had come from “a criminal organization likely based in Russia.”

The Federal Bureau of Investigation was investigating the hack, and the Cybersecurity and Infrastructure Security Agency was also involved, Ms. Jean-Pierre said.

“The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” she said.

In two weeks, President Biden is scheduled to meet the president of Russia, Vladimir V. Putin, in Geneva for a summit in which a variety of cyberattacks, many emanating from Russia, are high on the American agenda.

One recent breach leveraged software called SolarWinds to infiltrate more than 250 federal agencies and businesses. It has been considered the most serious attack because it got to the question of whether the United States can trust its supply chain of software. SolarWinds, the United States has said, was the work of the S.V.R., one of Russia’s premier intelligence agencies.

Last week, the S.V.R. was blamed for a breach that hijacked the company that distributes emails on behalf of the United States Agency for International Development, sending links containing malware to organizations that have been critical of Mr. Putin.

But ransomware attacks have taken on additional urgency after hackers hit Colonial Pipeline .. https://www.nytimes.com/2021/05/10/business/colonial-pipeline-ransomware.html .. last month. The pipeline’s operator shut down its systems after the attack, triggering price surges, panic buying and jet-fuel shortages. The company later acknowledged paying $4.4 million to recover its data.

The Colonial Pipeline attack was the work of a ransomware operator called DarkSide, which Mr. Biden said was based in Russia.

The culprit behind the JBS attack has not been publicly identified. Cybersecurity specialists said Tuesday that blogs and online channels frequented by major ransomware groups had gone quiet — most likely, they said, because the group responsible was waiting to see whether JBS would pay.

The U.S. government has been at a loss for how to address the attacks, given that many of the groups responsible operate from Russia, where they largely enjoy safe harbor. Russia has refused to extradite its hackers, and it frequently taps them for sensitive intelligence operations.

Mr. Biden said after the Colonial Pipeline attack that Russia was partly to blame even though there was no evidence that the government was involved.

“We have been in direct communication with Moscow for the imperative for responsible countries to take decisive action against these ransomware networks,” Mr. Biden said. “We’re also going to pursue a measure to disrupt their ability to operate.”

He did not rule out the possibility that the United States would carry out a retaliatory cyberattack against the criminals responsible for the pipeline attack. After Mr. Biden’s remarks, DarkSide’s criminals said they would shut down .. https://www.nytimes.com/2021/05/14/business/darkside-pipeline-hack.html , though cybersecurity experts cautioned that they were likely to rebrand and resurface.

David E. Sanger and William P. Davis contributed reporting.

Correction: June 1, 2021

An earlier version of this article misstated the name of a cattle industry publication. It is Daily Livestock Report, not Daily Livestock Observer.


Julie Creswell is a New York-based reporter. She has covered banks, private equity, retail and health care. She previously worked for Fortune Magazine and also wrote about debt, monetary policy and mutual funds at Dow Jones. @julie_creswell

Nicole Perlroth is a cybersecurity and digital espionage reporter. She is the bestselling author of the book, “This Is How They Tell Me The World Ends,” about the global cyber arms race. @nicoleperlroth

Noam Scheiber is a Chicago-based reporter who covers workers and the workplace. He spent nearly 15 years at The New Republic magazine, where he covered economic policy and three presidential campaigns. He is the author of “The Escape Artists.” @noamscheiber

https://www.nytimes.com/2021/06/01/business/meat-plant-cyberattack-jbs.html

fuagf

05/26/22 11:04 PM

#414756 RE: BOREALIS #360890

The Mystery of China’s Sudden Warnings About US Hackers

"Intelligence failure
Russian hackers went undetected by U.S. cybersecurity defenses for months
"

May 26, 2022 7:00 AM

The Chinese government recently began saber-rattling about American cyberespionage. The catch? It’s all old news.

Photograph: ANTHONY WALLACE/Getty Images

Many more links

For the best part of a decade, US officials and cybersecurity companies have been naming and shaming hackers they believe work for the Chinese government. These hackers have stolen terabytes of data from companies like pharmaceutical and video game firms, compromised servers, stripped security protections, and hijacked hacking tools, according to security experts. And as China’s alleged hacking has grown more brazen .. https://www.wired.com/story/china-hacking-reckless-new-phase/ , individual Chinese hackers face indictments. However, things may be changing.

Since the start of 2022, China’s Foreign Ministry and the country’s cybersecurity firms have increasingly been calling out alleged US cyberespionage. Until now, these allegations have been a rarity. But the disclosures come with a catch: They appear to rely on years-old technical details, which are already publicly known and don’t contain fresh information. The move may be a strategic change for China as the nation tussles to cement its position as a tech superpower.

“These are useful materials for China’s tit-for-tat propaganda campaigns when they faced US accusation and indictment of China’s cyberespionage activities,” says Che Chang, a cyber threat analyst at the Taiwan-based cybersecurity firm TeamT5.

China’s accusations, which were noted by security journalist Catalin Cimpanu, all follow a very similar pattern. On February 23, Chinese security company Pangu Lab published allegations that the US National Security Agency’s elite Equation Group hackers used a backdoor, dubbed Bvp47, to monitor 45 countries. The Global Times, a tabloid newspaper that’s part of China’s state-controlled media, ran an exclusive report on the research. Weeks later, on March 14, the newspaper had a second exclusive story about another .. https://www.globaltimes.cn/page/202203/1254856.shtml .. NSA tool, NOPEN, based on details from China’s National Computer Virus Emergency Response Center. A week later, Chinese cybersecurity firm Qihoo 360 alleged that US hackers had been attacking Chinese companies and organizations. And on April 19, the Global Times reported on further National Computer Virus Emergency Response Center findings about HIVE, malware developed by the CIA.

The reports are accompanied with a flurry of statements—often in response to questions from the media—by China’s Foreign Ministry spokespeople. “China is gravely concerned over the irresponsible malicious cyber activities of the US government,” Foreign Ministry spokesperson Wang Wenbin said in April after one of the announcements. “We urge the US side to explain itself and immediately stop such malicious activities.” Over the first nine days of May, Foreign Ministry spokespeople commented on US cyber activities at least three times. “One cannot whitewash himself by smearing others,” Zhao Lijian said in one instance.

While cyber activity undertaken by state actors is often wrapped in highly classified files, many hacking tools developed by the US are no longer secret. In 2017, WikiLeaks published 9,000 documents in the Vault7 leaks, which detailed many of the CIA’s tools. A year earlier, the mysterious Shadow Brokers .. https://www.wired.com/tag/shadow-brokers/ .. hacking group stole data from one of the NSA’s elite hacking teams and slowly dripped the data to the world. The Shadow Brokers leaks included dozens of exploits and new zero-days—including the EternalBlue hacking tool, which has since been used repeatedly in some of the largest cyberattacks. Many of the details in the Shadow Brokers leaks match up with details about the NSA which were disclosed by Edward Snowden in 2013. (An NSA spokesperson said it has “no comment” for this story; the agency routinely does not comment on its activities.)

Ben Read, director of cyberespionage analysis at the US cybersecurity firm Mandiant, says China’s state media push of alleged US hacking seems to be consistent, but it mostly contains older information. “Everything that I've seen they've written about, they tie back to the US through either the Snowden leaks or Shadow Brokers,” Read says.

Pangu Lab’s February report on Bvp47—the only publication on its website—says it initially discovered the details in 2013 but pieced them together after the Shadow Brokers leaks in 2017. “The report was based on a decade-old malware, and the decryption key is the same” as in WikiLeaks, Che says. The details of HIVE and NOPEN have also been available for years. Neither Pangu Lab nor Qihoo 360, which has been on the US government sanctions list since 2020, responded to requests for comment on their research or methodology. A Pangu spokesperson previously said it recently published the old details, and it had taken a long time to analyze the data.

Megha Pardhi, a China researcher at Takshashila Institution, an Indian think tank, says the publications and follow-up comments from officials can serve multiple purposes. Internally, China can use it for propaganda and to send a message to the US that it has the capability to attribute cyber activity. But beyond this, there is a warning to other countries, Pardhi says. “The message is that even though you're allied with the United States, they're still gonna come after you.”

“We oppose and crack down in accordance with law all forms of cyberespionage and attacks,” Liu Pengyu, a spokesperson for the Chinese Embassy in the US, says in a statement. Liu did not respond directly to questions around the apparent uptick in finger-pointing at the US this year, the evidence that was being used to do so, or why this may be happening years after details originally emerged. China is widely considered to be one of the most sophisticated and active state cyber actors—involved in spying, hacking for espionage, and gathering data. Western officials consider the country to be the biggest cyber threat, ahead of Russia, Iran, and North Korea.

“Recently, there have been many reports of US carrying cybertheft and attacks on China and the whole world,” Liu says in a statement that reflects comments made by China’s Foreign Ministry spokespeople this year. “The US should reflect on itself and join others to jointly safeguard peace and security in cyberspace with a responsible attitude.”

Many of the disclosures in 2022—there are only a handful of previous Chinese accusations against the US—stem from private cybersecurity companies. This is similar to how Western cybersecurity companies report their findings; they are not always incorporated into government talking points, however, and state-backed media is all but nonexistent.

The potential shift in tactics could play into wider policies around technology use and development. In recent years, China’s policies have focused on positioning itself as a dominant force in technology standards in everything from 5G to quantum computers. A raft of new cybersecurity and privacy laws have detailed how companies should handle data and protect national information—including the potential for hoarding previously unknown vulnerabilities.

“One explanation is, possibly, that we are engaged in a kind of ideological—or if you want to put it more prosaically, a marketing—battle with China,” says Suzanne Spaulding, a senior adviser at the Center for Strategic and International Studies and previously a senior cybersecurity official in the Obama administration. The US-China relationship has been fraught in recent years, with tensions rising over national security issues, including concerns about the telecom giant Huawei. “China is offering, around the world, a competing model to Western-style democracy,” Spaulding says, noting that China may be responding to Western countries coming together on multiple issues since Russia invaded Ukraine.

In July 2021, China’s Ministry of Industry and Information Technology published plans to boost the private security industry by 2023. Companies based in China should spend more on their defenses against cyberattacks, the government department said at the time. It also said the whole cybersecurity industry within China should look to grow in size in the coming years, as well as bolster the development of network monitoring systems and threat detection techniques. “What we've started to see over the last couple of years, increasingly, is that companies in China are building their own capabilities,” says Adam Meyers, vice president of intelligence at the US cybersecurity firm CrowdStrike. “There's been a few that have waded into the threat intelligence space.”

But publicizing details of the long-known incidents still raises plenty of questions. Mandiant’s Read says he wonders exactly how many cyberespionage cases Chinese companies and authorities are finding. The answer would provide significant clues about their true capabilities. Read says: “Is this 50 percent of what they're finding? Is this 1 percent of what they're finding? Is this 90 percent of what they're finding?”

The move appears to be strategic, says TeamT5’s Che. “Considering the close relationship between China's cybersecurity firms and the Chinese government, our team surmises that these reports could be a part of China’s strategic distraction when they are accused of massive surveillance systems and espionage operations.”

https://www.wired.com/story/china-us-hacking-accusations/