BOSTON: Efforts to assess the impact of a more than seven-month-old cyberespionage campaign blamed on Russia - and boot the intruders - remain in their early stages, says the cybersecurity<\/a> firm that discovered the attack.

The hack has badly shaken the U.S. government and private sector. The firm, FireEye, released a tool and a white paper Tuesday to help potential victims scour their cloud-based installations of
Microsoft<\/a> 365 - where users' emails, documents and collaborative tools reside - to determine if hackers broke in and remain active.

The aim is not just to ferret out and evict the hackers but to keep them from being able to re-enter, said Matthew McWhirt, the effort's team leader.

\"There's a lot of specific things you have to do - we learned from our investigations - to really eradicate the attacker,\" he said.

Since FireEye disclosed its discovery in mid-December, infections have been found at federal agencies including the departments of Commerce, Treasury, Justice and federal courts. Also compromised, said FireEye chief technical officer Charles Carmakal, are dozens of private sector targets with a high concentration in the software industry and Washington D.C. policy-oriented think tanks.

The intruders have stealthily scooped up intelligence for months, carefully choosing targets from the roughly 18,000 customers infected with malicious code they activated after sneaking it into an update of network management software first pushed out last March by Texas-based
SolarWinds<\/a>.

\"We continue to learn about new victims almost every day. I still think that we're still in the early days of really understanding the scope of the threat-actor activity,\" said Carmakal.

The public has not heard much about who exactly was compromised because many victims still can't figure out what the attackers have done and thus \"may not feel they have an obligation to report on it.\"

\"This threat actor is so good, so sophisticated, so disciplined, so patient and so elusive that it's just hard for organizations to really understand what the scope and impact of the intrusions are. But I can assure you there are a lot of victims beyond what has been made public to date,\" Carmakal said.

On top of that, he said, the hackers \"will continue to obtain access to organizations. There will be new victims.\"

Microsoft disclosed on Dec. 31 t hat the hackers had viewed some of its source code. It said it found \"no indications our systems were used to attack others.\"

Carmakal said he believed software companies were prime targets because hackers of this caliber will seek to use their products - as they did with SolarWinds' Orion module - as conduits for similar so-called supply-chain hacks.

The hackers' programming acumen let them forge the digital passports - known as certificates and tokens - needed to move around targets' Microsoft 365 installations without logging in and authenticating identity. It's like a ghost hijacking, very difficult to detect.

They tended to zero in on two types of accounts, said Carmakal: Users with access to high-value information and high-level network administrators, to determine what measures were being taken to try to kick them out,

If it's a software company, the hackers will want to examine the data repositories of top engineers. If it's a government agency, corporation or think tank, they'll seek access to emails and documents with national security and trade secrets and other vital intelligence.
<\/p><\/body>","next_sibling":[{"msid":80357666,"title":"Cybersecurity firm Malwarebytes says some of its emails were breached by SolarWinds hackers","entity_type":"ARTICLE","link":"\/news\/cybersecurity-firm-malwarebytes-says-some-of-its-emails-were-breached-by-solarwinds-hackers\/80357666","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[],"msid":80357691,"entity_type":"ARTICLE","title":"Cybersecurity firm: Booting hackers a complex chore","synopsis":"The firm, FireEye, released a tool and a white paper Tuesday to help potential victims scour their cloud-based installations of Microsoft 365 - where users' emails, documents and collaborative tools reside - to determine if hackers broke in and remain active.","titleseo":"telecomnews\/cybersecurity-firm-booting-hackers-a-complex-chore","status":"ACTIVE","authors":[],"analytics":{"comments":0,"views":137,"shares":0,"engagementtimems":681000},"Alttitle":{"minfo":""},"artag":"AP","artdate":"2021-01-20 08:22:55","lastupd":"2021-01-20 08:23:39","breadcrumbTags":["SolarWinds","international","Microsoft","cybersecurity","tech news","Internet","Microsoft Office 365"],"secinfo":{"seolocation":"telecomnews\/cybersecurity-firm-booting-hackers-a-complex-chore"}}" data-authors="[" "]" data-category-name="" data-category_id="" data-date="2021-01-20" data-index="article_1">

网络安全公司:引导黑客一个复杂的任务

FireEye,该公司周二发布了一个工具,白皮书帮助潜在的受害者冲刷云安装微软的365年——用户的电子邮件、文档和协作工具驻留——确定黑客破门而入,保持活跃。

  • 更新2021年1月20日08:23点坚持
阅读: 100年行业专业人士
读者的形象读到100年行业专业人士

波士顿:努力评估的影响超过7个月大的网络间谍活动归咎于俄罗斯-并引导入侵者仍处于早期阶段,但是说网络安全公司发现了攻击。

黑客已经严重动摇了美国政府和私营部门。FireEye,该公司周二发布了一个工具,白皮书帮助潜在的受害者冲刷的基于云的设施微软365——用户的电子邮件、文档和协作工具驻留——确定黑客破门而入,保持活跃。

目的不仅仅是搜寻和驱逐黑客,但让他们能够重新输入,Matthew McWhirt说,努力的团队领袖。

广告
“有很多具体的事情你必须做-我们从调查真正根除攻击者,”他说。

FireEye披露其在12月中旬发现以来,已发现感染在联邦机构包括商务部门、财政部、司法部和联邦法院。也妥协,说FireEye首席技术官查尔斯•Carmakal几十个私营部门目标与软件行业的高浓度和华盛顿特区面向策略的智库。

入侵者已经暗地里舀起情报数月,精心选择目标从大约18000用户感染了恶意代码激活后偷偷溜到一个更新的网络管理软件首次由德克萨斯州去年3月推出SolarWinds

“我们几乎每天都继续学习新的受害者。我仍然认为,我们还在早期的真正理解threat-actor活动的范围,”Carmakal说。

公众还没有听说了不少关于到底是谁妥协,因为许多受害者仍然不能找出攻击者所做的,因此“可能不觉得他们有义务报告。”

“这一威胁的演员很好,所以复杂,所以自律,耐心,所以难以捉摸,这只是组织很难真正理解入侵的范围和影响是什么。但是我可以向你保证有很多受害者超出已公开约会,”Carmakal说。

广告
最重要的是,他说,黑客“将继续获得组织。将会有新的受害者。”

微软公布12月31日t帽黑客们认为它的一些源代码。它说它发现“没有迹象表明我们的系统被用来攻击别人。”

Carmakal说他相信软件公司的首要目标,因为黑客的口径将寻求与SolarWinds使用他们的产品,就像“猎户座模块——作为类似所谓的供应链渠道。

黑客编程的智慧让他们伪造数字护照——被称为证书和标记需要移动目标的微软365安装没有登录和验证身份。就像一个幽灵劫持,很难检测到。

他们倾向于零在两种类型的账户,Carmakal说:用户提供高价值的信息和高级网络管理员,来确定正在采取措施,试图驱散人群,

如果它是一个软件公司,黑客想要检查数据存储库的高级工程师。如果它是一个政府机构、公司或智囊团,他们会寻求访问电子邮件和文档与国家安全和商业机密和其他重要的情报。

  • 发表在2021年1月20日凌晨08:22坚持
是第一个发表评论。
现在评论

加入2 m +行业专业人士的社区

订阅我们的通讯最新见解与分析。乐动扑克

下载ETTelec乐动娱乐招聘om应用

  • 得到实时更新
  • 保存您最喜爱的文章
扫描下载应用程序

BOSTON: Efforts to assess the impact of a more than seven-month-old cyberespionage campaign blamed on Russia - and boot the intruders - remain in their early stages, says the cybersecurity<\/a> firm that discovered the attack.

The hack has badly shaken the U.S. government and private sector. The firm, FireEye, released a tool and a white paper Tuesday to help potential victims scour their cloud-based installations of
Microsoft<\/a> 365 - where users' emails, documents and collaborative tools reside - to determine if hackers broke in and remain active.

The aim is not just to ferret out and evict the hackers but to keep them from being able to re-enter, said Matthew McWhirt, the effort's team leader.

\"There's a lot of specific things you have to do - we learned from our investigations - to really eradicate the attacker,\" he said.

Since FireEye disclosed its discovery in mid-December, infections have been found at federal agencies including the departments of Commerce, Treasury, Justice and federal courts. Also compromised, said FireEye chief technical officer Charles Carmakal, are dozens of private sector targets with a high concentration in the software industry and Washington D.C. policy-oriented think tanks.

The intruders have stealthily scooped up intelligence for months, carefully choosing targets from the roughly 18,000 customers infected with malicious code they activated after sneaking it into an update of network management software first pushed out last March by Texas-based
SolarWinds<\/a>.

\"We continue to learn about new victims almost every day. I still think that we're still in the early days of really understanding the scope of the threat-actor activity,\" said Carmakal.

The public has not heard much about who exactly was compromised because many victims still can't figure out what the attackers have done and thus \"may not feel they have an obligation to report on it.\"

\"This threat actor is so good, so sophisticated, so disciplined, so patient and so elusive that it's just hard for organizations to really understand what the scope and impact of the intrusions are. But I can assure you there are a lot of victims beyond what has been made public to date,\" Carmakal said.

On top of that, he said, the hackers \"will continue to obtain access to organizations. There will be new victims.\"

Microsoft disclosed on Dec. 31 t hat the hackers had viewed some of its source code. It said it found \"no indications our systems were used to attack others.\"

Carmakal said he believed software companies were prime targets because hackers of this caliber will seek to use their products - as they did with SolarWinds' Orion module - as conduits for similar so-called supply-chain hacks.

The hackers' programming acumen let them forge the digital passports - known as certificates and tokens - needed to move around targets' Microsoft 365 installations without logging in and authenticating identity. It's like a ghost hijacking, very difficult to detect.

They tended to zero in on two types of accounts, said Carmakal: Users with access to high-value information and high-level network administrators, to determine what measures were being taken to try to kick them out,

If it's a software company, the hackers will want to examine the data repositories of top engineers. If it's a government agency, corporation or think tank, they'll seek access to emails and documents with national security and trade secrets and other vital intelligence.
<\/p><\/body>","next_sibling":[{"msid":80357666,"title":"Cybersecurity firm Malwarebytes says some of its emails were breached by SolarWinds hackers","entity_type":"ARTICLE","link":"\/news\/cybersecurity-firm-malwarebytes-says-some-of-its-emails-were-breached-by-solarwinds-hackers\/80357666","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[],"msid":80357691,"entity_type":"ARTICLE","title":"Cybersecurity firm: Booting hackers a complex chore","synopsis":"The firm, FireEye, released a tool and a white paper Tuesday to help potential victims scour their cloud-based installations of Microsoft 365 - where users' emails, documents and collaborative tools reside - to determine if hackers broke in and remain active.","titleseo":"telecomnews\/cybersecurity-firm-booting-hackers-a-complex-chore","status":"ACTIVE","authors":[],"analytics":{"comments":0,"views":137,"shares":0,"engagementtimems":681000},"Alttitle":{"minfo":""},"artag":"AP","artdate":"2021-01-20 08:22:55","lastupd":"2021-01-20 08:23:39","breadcrumbTags":["SolarWinds","international","Microsoft","cybersecurity","tech news","Internet","Microsoft Office 365"],"secinfo":{"seolocation":"telecomnews\/cybersecurity-firm-booting-hackers-a-complex-chore"}}" data-news_link="//www.iser-br.com/news/cybersecurity-firm-booting-hackers-a-complex-chore/80357691">