The Russian group has breached several technology companies in previously unreported activity, said Charles Carmakal, senior vice president and CTO of the cybersecurity company Mandiant. The hackers have also used new tools and techniques in some of their operations this year, Carmakal said.
“The group has compromised several government agencies, political and foreign policy-focused organizations, and technology providers who provide direct or indirect access to the ultimate target organizations in North America and Europe,” Carmakal told CNN. He declined to identify the technology providers.
It is unclear what data the hackers may have accessed. Still, the activity underscores the challenge the Biden administration faces in trying to blunt the efforts of America's most capable digital adversaries to reach sensitive government data.
A US official familiar with the matter told CNN that federal authorities are tracking the recent activity of the Russian hackers.
“The issue was raised in recent sessions of the National Security Council,” said the official, who spoke on condition of anonymity.
The Russian group is best known for using tampered software from federal contractor SolarWinds to breach at least nine US federal agencies, including the Department of Homeland Security and others, in activity that came to light in December 2020. It was FireEye, Mandiant's former parent company, and not a government agency, that discovered the hacking campaign.
The Biden administration attributed the espionage campaign in April to Russia's foreign intelligence service, the SVR, and criticized Moscow for exposing thousands of SolarWinds customers to malicious code. Moscow has denied involvement.
US Secretary of Homeland Security Alejandro Mayorkas said in March that US cybersecurity defenses need to be quicker at detecting future espionage efforts. "Our government was hacked last year and we didn't know about it for months," Mayorkas said in a speech, referring to the SolarWinds incident.
To this end, DHS's Cybersecurity and Infrastructure Security Agency (CISA) has pledged to spend part of the $650 million it received from the American Rescue Plan earlier this year on new security tools to detect threats. The Biden administration has also introduced mandatory security standards for US government contractors. Deputy Attorney General Lisa Monaco said Wednesday that the Justice Department will use its "civil enforcement tools to prosecute companies – those who are government contractors or receive federal funding – if they fail to meet required cybersecurity standards."
Cat-and-mouse game
For US authorities, catching the Russian operatives could be a game of cat and mouse. They are professionals, on a par with those employed by leading US and Chinese intelligence agencies, with a mission to gather information on government targets, analysts say. That means they develop new hacking tools whenever existing ones are exposed.
Microsoft declined to comment on where the targeted organizations are located or what sectors they belong to. Other security specialists, however, say they have responded to breaches linked to the broader group of hackers that Washington blamed for the SolarWinds intrusions.
“They are constantly active,” said Adam Meyers, senior vice president of intelligence at the security firm CrowdStrike, of the Russian group. “I think the public reporting represents … when we catch them and when we see what they’re up to.”
CrowdStrike found malicious code on a customer network last month that Meyers said was likely deployed by Cozy Bear, a Russian group whose activity overlaps with the one Microsoft reported on. Meyers declined to elaborate on the incident.
The National Security Agency, FBI, CISA, and the Office of the Director of National Intelligence all declined to comment on the story.
General Paul Nakasone, who heads the NSA and US Cyber Command, said Tuesday that US authorities worked well with Mandiant to shut down the Russian espionage campaign that exploited SolarWinds.
“The SolarWinds incident was really a turning point for our nation, I believe,” said Nakasone at the Mandiant Cyber Defense Summit in Washington. “We were able to uncover a significant intrusion by a foreign enemy who was trying to harm our nation.”