Thursday, December 17, 2020

Suspected Russian Hacking Spree Included Think Tank

Here is more from Bloomberg:

The suspected Russian hackers behind a global campaign of cyber-attacks that have breached U.S. government agencies also hit an American think tank, according to a cybersecurity firm that has been fighting them off.

For the better part of a year, investigators at Volexity have been battling hackers that they have dubbed “Dark Halo,” according to President Steven Adair. He said the hackers have made three attempts to access emails at one of its customers, a U.S. based think tank, which he declined to name.

Volexity worked on the breaches at the think tank in late 2019 and 2020, according to a blog post published Monday.

In the first breach, the attackers used “multiple tools, backdoors and malware implants” that allowed them to remain undetected for years, Volexity wrote. After being removed from the network, the hackers returned a second time and exploited a vulnerability in the organization’s Microsoft Exchange Control Panel, according to Volexity.

In the third incident, in July, the hackers breached the think tank through its SolarWinds’ software, according to the cybersecurity company.


Earlier this month, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a new advisory saying there are "advanced persistent threat actors" (APT) targeting US think tanks.