URL: https://www.darkreading.com/attacks-breaches/why-the-private-sector-is-key-to-stopping-russian-hacking-group-apt29

The Edge
DR Tech
Sections
Close
Back
Sections
Featured Sections
The Edge
Dark Reading Technology
Attacks / Breaches

Cloud

IoT

Physical Security

Perimeter

Analytics
Security Monitoring

Security Monitoring
App Sec
Database Security

Database Security
Risk
Compliance

Compliance
Threat Intelligence

Endpoint
AuthenticationMobile SecurityPrivacy

AuthenticationMobile SecurityPrivacy
Vulnerabilities / Threats
Advanced ThreatsInsider ThreatsVulnerability Management

Advanced ThreatsInsider ThreatsVulnerability Management
Operations
Identity & Access ManagementCareers & People

Identity & Access ManagementCareers & People
Black Hat news
Omdia Research
Security Now
Events
Close
Back
Events
Events
 * SupportWorld Live: May 15-20, 2022, MGM Grand, Las Vegas, NV
   

Webinars
 * Cybersecurity Forecast 2022: Snowpocalypse or cloudy with a chance of rain?
   Dec 09, 2021
 * Protecting Enterprise Data from Malicious Insiders
   Dec 14, 2021

Resources
Close
Back
Resources
White Papers >
Reports >
Issues >
Tech Library >
Slideshows >
Partner Perspectives: Crowdstrike >

Subscribe
Login
/
Register

The Edge
DR Tech
Sections
Close
Back
Sections
Featured Sections
The Edge
Dark Reading Technology
Attacks / Breaches

Cloud

IoT

Physical Security

Perimeter

Analytics
Security Monitoring

Security Monitoring
App Sec
Database Security

Database Security
Risk
Compliance

Compliance
Threat Intelligence

Endpoint
AuthenticationMobile SecurityPrivacy

AuthenticationMobile SecurityPrivacy
Vulnerabilities / Threats
Advanced ThreatsInsider ThreatsVulnerability Management

Advanced ThreatsInsider ThreatsVulnerability Management
Operations
Identity & Access ManagementCareers & People

Identity & Access ManagementCareers & People
Black Hat news
Omdia Research
Security Now
Events
Close
Back
Events
Events
 * SupportWorld Live: May 15-20, 2022, MGM Grand, Las Vegas, NV
   

Webinars
 * Cybersecurity Forecast 2022: Snowpocalypse or cloudy with a chance of rain?
   Dec 09, 2021
 * Protecting Enterprise Data from Malicious Insiders
   Dec 14, 2021

Resources
Close
Back
Resources
White Papers >
Reports >
Issues >
Tech Library >
Slideshows >
Partner Perspectives: Crowdstrike >
The Edge
DR Tech
Sections
Close
Back
Sections
Featured Sections
The Edge
Dark Reading Technology
Attacks / Breaches

Cloud

IoT

Physical Security

Perimeter

Analytics
Security Monitoring

Security Monitoring
App Sec
Database Security

Database Security
Risk
Compliance

Compliance
Threat Intelligence

Endpoint
AuthenticationMobile SecurityPrivacy

AuthenticationMobile SecurityPrivacy
Vulnerabilities / Threats
Advanced ThreatsInsider ThreatsVulnerability Management

Advanced ThreatsInsider ThreatsVulnerability Management
Operations
Identity & Access ManagementCareers & People

Identity & Access ManagementCareers & People
Black Hat news
Omdia Research
Security Now
Events
Close
Back
Events
Events
 * SupportWorld Live: May 15-20, 2022, MGM Grand, Las Vegas, NV
   

Webinars
 * Cybersecurity Forecast 2022: Snowpocalypse or cloudy with a chance of rain?
   Dec 09, 2021
 * Protecting Enterprise Data from Malicious Insiders
   Dec 14, 2021

Resources
Close
Back
Resources
White Papers >
Reports >
Issues >
Tech Library >
Slideshows >
Partner Perspectives: Crowdstrike >

--------------------------------------------------------------------------------

Subscribe
Login
/
Register
SEARCH
A minimum of 3 characters are required to be typed in the search bar in order to
perform a search.




Announcements
 1. 
 2. 

Event
Cybersecurity Outlook 2022 | A FREE Dark Reading & Black Hat Virtual Event |
December 8, 2021 <REGISTER NOW>
Alert
Check out our NEW section called "DR Tech" for comprehensive coverage of new &
emerging cybersecurity technology.
PreviousNext

Attacks/Breaches

Commentary


WHY THE PRIVATE SECTOR IS KEY TO STOPPING RUSSIAN HACKING GROUP APT29

Left unchecked, these attacks could have devastating effects on government and
military secrets and jeopardize the software supply chain and the global
economy.
Shmulik Yehezkel
Chief Critical Cyber Operations Officer & CISO, CYE
December 09, 2021
As the Russian cyber threat heats up, it is becoming clearer that the protection
of US and European national interests is increasingly in the hands of civilians
at IT and software companies. American and European IT businesses that on the
surface have nothing to do with the government are unwittingly serving as
stepping-stones for enemy state cyberattacks and espionage campaigns. If these
attacks are successful, they could not only have devastating effects on
government and military secrets but also jeopardize trust in the software supply
chain that is increasingly at the heart of the modern economy. 
During recent months, my company, along with other large companies, including
Microsoft, has seen the Russian hacking group APT29 — blamed for the massive
SolarWinds cyberattack and the 2015 infiltration of the Democratic National
Committee — quietly trying to gain access to large IT companies, mainly those
that offer cloud-based software services to businesses and government
organizations. The threat of damage looms large, especially because the agile
and deep-pocketed group shows no signs of stopping. APT29 will continue to
target individual workers at software supply chain companies, mainly through
phishing campaigns, and use hard-to-detect, unique tools to turn these service
providers into proxies for carrying out espionage attacks against sensitive
targets like military or government agencies.

APT29 is not interested in Microsoft or other IT companies themselves, or even
in their direct customers, which offer customized cloud software products.
Rather, they intend to use them as proxies to attack subscribers and users
further down the chain, which may include defense companies, government
agencies, or contractors with valuable or classified information. Governments,
contractors, and corporations increasingly rely on cloud services, partly for
the flexibility they allow for services from multiple software vendors. 
In a recent case we mitigated at a cloud-based software company, APT29 did not
attempt to take or otherwise compromise any data from the large software company
itself. Rather, the hackers attempted to find which individuals in the software
company hold information about or are connected to customers that are the
ultimate targets. They initially reached these employees through phishing
campaigns, and then were able to use a unique tool to take over and use their
legitimate network connections as proxies to potentially reach the ultimate
targets but remain undetected. The tool, which we discovered, does not siphon
off information, but rather just allows the hackers to use accounts and
connections as proxies to reach other targets. 
This targeting of certain employees, based on their potential connections to
eventual targets, is a unique and new approach for APT29. It's a tedious process
that the hackers carried out over time, perhaps for nearly a year, undetected
inside the software supplier. Although this was the same group that the US
government has blamed for the SolarWinds attack, this attack, from what we saw,
was quite different. In this case, the hackers sought out possible connections
only to certain customers of the software company rather than simply targeting
everyone through a malicious software update as happened in the SolarWinds
attack. The fine-tuned nature of the attacks points to the operatives receiving
guidance and other intelligence beforehand from their handlers. 

Once the cyberattackers are inside software service providers, they gain not
just the access but also the knowledge needed to carry out sophisticated
phishing attacks on valuable targets that are connected to the software
suppliers. It is easy to see how those working at the targets themselves would
open up emails, and even download attachments that look like they come from
their software service providers. Ultimately, this can lead to malware on the
networks of government organizations and defense companies that allows the
attackers ongoing access to valuable or classified information. This shows that
no matter how well protected the end targets may think they are, there is
increasingly a backdoor via their software supplier or anyone they have digital
connections with. 
Because these actors are relying mainly on phishing to get into the software
suppliers and the actual targets further down the chain, there is no easy
technological solution, like patching a list of vulnerabilities. All of this
means it is largely up to humans inside private-sector companies to prevent such
attacks through the usual, although often ignored, methods, like using
multifactor authentication and teaching employees to recognize phishing
attempts. 

Our intelligence indicates that APT29 and other state actors will continue to
target software supply chain companies, especially those that serve the
military, defense, or key technology sectors in the US and Europe. The growing
cloud computing sector is expected to be worth $1.25 trillion by 2028, and is
vital to managing everything from infrastructure to supply chains to online
banking. If not well secured, the software supply chain will continue to pose an
enormous risk to national security and the economy.
