
SolarWinds hackers have given themselves the best administrative privileges to spy on undetected victims, says DHS

The alert, released Friday by the Department of Homeland Security, is the agency's most detailed explanation to date of how the attackers were able to monitor high-value intelligence targets undetected for months.

It also revealed that investigators are increasingly focused on the attackers' use of Microsoft products to stay out of sight.

The alert does not address what data the hackers had access to or the extent of the breach; it is limited to a description of the attack patterns themselves. A joint statement from the intelligence agencies on Tuesday said "fewer than ten agencies" appear to have been specifically targeted for espionage.
However, the federal judiciary has since said it is investigating a possible compromise of its electronic case management system, and the Justice Department has acknowledged that up to 3% of its Microsoft email accounts were potentially accessed.

Cybersecurity experts and U.S. officials have been saying for weeks that the attackers may have abused stolen credentials and impersonated legitimate users in order to conduct their spying campaign.

Now the DHS Cybersecurity and Infrastructure Security Agency has confirmed that this happened, describing step by step how the attackers hid their tracks.

First, the attackers gained initial access to the victim by taking advantage of the previously disclosed SolarWinds compromise or by other methods, such as already knowing a password, which CISA said it is still investigating.

The attackers then impersonated one or more legitimate users to access cloud services and identity providers such as Microsoft 365 or Azure Active Directory.

Security experts have described services such as Azure Active Directory as holding the "keys to the kingdom", because for many businesses it is the software used to create and manage network accounts, passwords and privileges.

Once the attackers had access to an organization's identity provider, they were able to grant themselves permissions for covert access to other programs and applications, CISA said.
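The step CISA describes here, an intruder who already controls the identity provider adding credentials or permissions to applications so that later access looks like normal application traffic, is one a defender can watch for in the identity provider's audit log. The following is an added example, not code from the article or from CISA: it flags credential or permission grants by actors outside an approved baseline, and bursts of such grants across several applications in a short window. The field names (`activityDisplayName`, `initiatedBy`, `targetResources`) follow the Microsoft Graph audit-log schema as assumed here, the activity names in `CREDENTIAL_ACTIVITIES` are assumed, and the audit records are constructed for this example.

```python
"""Flag suspicious application credential and permission grants in identity
provider audit records (added example; field and activity names are assumed)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Audit activities that hand an application new secret-holding or privileged
# access. Assumed activity names, not taken from the article.
CREDENTIAL_ACTIVITIES = {
    "Add service principal credentials",
    "Update application - Certificates and secrets management",
    "Add app role assignment to service principal",
    "Consent to application",
}

# Constructed sample audit records (not real log data).
SAMPLE_EVENTS = [
    {"activityDateTime": "2020-12-14T08:01:10Z",
     "activityDisplayName": "Add service principal credentials",
     "initiatedBy": {"user": {"userPrincipalName": "it-automation@example.test"}},
     "targetResources": [{"displayName": "backup-agent"}]},
    {"activityDateTime": "2020-12-14T08:05:33Z",
     "activityDisplayName": "Add service principal credentials",
     "initiatedBy": {"user": {"userPrincipalName": "jdoe@example.test"}},
     "targetResources": [{"displayName": "mail-archiver"}]},
    {"activityDateTime": "2020-12-14T08:06:02Z",
     "activityDisplayName": "Update application - Certificates and secrets management",
     "initiatedBy": {"user": {"userPrincipalName": "jdoe@example.test"}},
     "targetResources": [{"displayName": "ticketing-connector"}]},
    {"activityDateTime": "2020-12-14T08:06:40Z",
     "activityDisplayName": "Add app role assignment to service principal",
     "initiatedBy": {"user": {"userPrincipalName": "jdoe@example.test"}},
     "targetResources": [{"displayName": "ticketing-connector"}]},
    {"activityDateTime": "2020-12-14T09:15:00Z",
     "activityDisplayName": "Update user",
     "initiatedBy": {"user": {"userPrincipalName": "jdoe@example.test"}},
     "targetResources": [{"displayName": "someone@example.test"}]},
]

# Accounts expected to manage application credentials (constructed baseline).
APPROVED_ACTORS = {"it-automation@example.test"}


def parse_time(ts):
    """Parse the ISO-8601 UTC timestamp used in the sample records."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def flag_credential_grants(events, approved_actors, burst_threshold=2, window_minutes=10):
    """Return (kind, actor, targets) findings.

    kind 'unapproved-actor': a credential/permission grant by an account that is
    not in the approved baseline (one finding per actor/target pair).
    kind 'credential-burst': one actor touched at least burst_threshold distinct
    applications within window_minutes.
    """
    findings, seen = [], set()
    grants_by_actor = defaultdict(list)
    for e in events:
        if e.get("activityDisplayName") not in CREDENTIAL_ACTIVITIES:
            continue
        actor = e.get("initiatedBy", {}).get("user", {}).get("userPrincipalName", "<unknown>")
        target = e["targetResources"][0]["displayName"]
        if actor not in approved_actors and (actor, target) not in seen:
            seen.add((actor, target))
            findings.append(("unapproved-actor", actor, target))
        grants_by_actor[actor].append((parse_time(e["activityDateTime"]), target))

    # Sliding window over each actor's grants, ordered by time.
    window = timedelta(minutes=window_minutes)
    for actor, grants in grants_by_actor.items():
        grants.sort()
        for i, (start, _) in enumerate(grants):
            targets = {t for ts, t in grants[i:] if ts - start <= window}
            if len(targets) >= burst_threshold:
                findings.append(("credential-burst", actor, ",".join(sorted(targets))))
                break
    return findings


if __name__ == "__main__":
    for kind, actor, targets in flag_credential_grants(SAMPLE_EVENTS, APPROVED_ACTORS):
        print(f"{kind}: {actor} -> {targets}")
```

The baseline set is the important design choice: in a real deployment it should be the short list of accounts or automation identities that are allowed to issue application secrets, so that any other account doing so is worth a look regardless of whether it holds an administrative role at that moment.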

Attacks on a platform such as Active Directory can be extremely powerful, said Robert M. Lee, CEO of cybersecurity company Dragos.

“It’s a system that connects any other system,” he said in a recent interview.

Cedric Leighton, a former NSA employee and CNN military analyst, said the report demonstrated the sophistication of the attackers.

“This is the latest key to understanding SolarWinds hacking,” Leighton said. “The fact that the credentials were compromised – including multi-factor authentication systems – shows how widespread this attack was. Side-by-side references show that they traveled through networks to compromise more data than originally thought.” “In essence, this is a recognition that the possible compromise of our systems goes beyond what was initially reported. This is a very big deal.”

Zachary Cohen contributed to this story.
