www.darkreading.com
Open in
urlscan Pro
2606:4700::6811:7863
Public Scan
URL:
https://www.darkreading.com/attacks-breaches/why-the-private-sector-is-key-to-stopping-russian-hacking-group-apt29
Submission: On December 10 via api from GB — Scanned from GB
Submission: On December 10 via api from GB — Scanned from GB
Form analysis
0 forms found in the DOMText Content
The Edge DR Tech Sections Close Back Sections Featured Sections The Edge Dark Reading Technology Attacks / Breaches Cloud IoT Physical Security Perimeter Analytics Security Monitoring Security Monitoring App Sec Database Security Database Security Risk Compliance Compliance Threat Intelligence Endpoint AuthenticationMobile SecurityPrivacy AuthenticationMobile SecurityPrivacy Vulnerabilities / Threats Advanced ThreatsInsider ThreatsVulnerability Management Advanced ThreatsInsider ThreatsVulnerability Management Operations Identity & Access ManagementCareers & People Identity & Access ManagementCareers & People Black Hat news Omdia Research Security Now Events Close Back Events Events * SupportWorld Live: May 15-20, 2022, MGM Grand, Las Vegas, NV Webinars * Cybersecurity Forecast 2022: Snowpocalypse or cloudy with a chance of rain? Dec 09, 2021 * Protecting Enterprise Data from Malicious Insiders Dec 14, 2021 Resources Close Back Resources White Papers > Reports > Issues > Tech Library > Slideshows > Partner Perspectives: Crowdstrike > Subscribe Login / Register The Edge DR Tech Sections Close Back Sections Featured Sections The Edge Dark Reading Technology Attacks / Breaches Cloud IoT Physical Security Perimeter Analytics Security Monitoring Security Monitoring App Sec Database Security Database Security Risk Compliance Compliance Threat Intelligence Endpoint AuthenticationMobile SecurityPrivacy AuthenticationMobile SecurityPrivacy Vulnerabilities / Threats Advanced ThreatsInsider ThreatsVulnerability Management Advanced ThreatsInsider ThreatsVulnerability Management Operations Identity & Access ManagementCareers & People Identity & Access ManagementCareers & People Black Hat news Omdia Research Security Now Events Close Back Events Events * SupportWorld Live: May 15-20, 2022, MGM Grand, Las Vegas, NV Webinars * Cybersecurity Forecast 2022: Snowpocalypse or cloudy with a chance of rain? Dec 09, 2021 * Protecting Enterprise Data from Malicious Insiders Dec 14, 2021 Resources Close Back Resources White Papers > Reports > Issues > Tech Library > Slideshows > Partner Perspectives: Crowdstrike > The Edge DR Tech Sections Close Back Sections Featured Sections The Edge Dark Reading Technology Attacks / Breaches Cloud IoT Physical Security Perimeter Analytics Security Monitoring Security Monitoring App Sec Database Security Database Security Risk Compliance Compliance Threat Intelligence Endpoint AuthenticationMobile SecurityPrivacy AuthenticationMobile SecurityPrivacy Vulnerabilities / Threats Advanced ThreatsInsider ThreatsVulnerability Management Advanced ThreatsInsider ThreatsVulnerability Management Operations Identity & Access ManagementCareers & People Identity & Access ManagementCareers & People Black Hat news Omdia Research Security Now Events Close Back Events Events * SupportWorld Live: May 15-20, 2022, MGM Grand, Las Vegas, NV Webinars * Cybersecurity Forecast 2022: Snowpocalypse or cloudy with a chance of rain? Dec 09, 2021 * Protecting Enterprise Data from Malicious Insiders Dec 14, 2021 Resources Close Back Resources White Papers > Reports > Issues > Tech Library > Slideshows > Partner Perspectives: Crowdstrike > -------------------------------------------------------------------------------- Subscribe Login / Register SEARCH A minimum of 3 characters are required to be typed in the search bar in order to perform a search. Announcements 1. 2. Event Cybersecurity Outlook 2022 | A FREE Dark Reading & Black Hat Virtual Event | December 8, 2021 <REGISTER NOW> Alert Check out our NEW section called "DR Tech" for comprehensive coverage of new & emerging cybersecurity technology. PreviousNext Attacks/Breaches Commentary WHY THE PRIVATE SECTOR IS KEY TO STOPPING RUSSIAN HACKING GROUP APT29 Left unchecked, these attacks could have devastating effects on government and military secrets and jeopardize the software supply chain and the global economy. Shmulik Yehezkel Chief Critical Cyber Operations Officer & CISO, CYE December 09, 2021 PDF As the Russian cyber threat heats up, it is becoming clearer that the protection of US and European national interests is increasingly in the hands of civilians at IT and software companies. American and European IT businesses that on the surface have nothing to do with the government are unwittingly serving as stepping-stones for enemy state cyberattacks and espionage campaigns. If these attacks are successful, they could not only have devastating effects on government and military secrets but also jeopardize trust in the software supply chain that is increasingly at the heart of the modern economy. During recent months, my company, along with other large companies, including Microsoft, have seen the Russian hacking group APT29 — blamed for the massive SolarWinds cyberattack and the 2015 infiltration of the Democratic National Committee — quietly trying to gain access to large IT companies, mainly those that offer cloud-based software services to businesses and government organizations. The threat of damage looms large, especially because the agile and deep-pocketed group shows no signs of stopping. APT29 will continue to target individual workers at software supply chain companies, mainly through phishing campaigns, and use hard-to-detect, unique tools to turn these service providers into proxies for carrying out espionage attacks against sensitive targets like military or government agencies. APT29 is not interested in Microsoft or other IT companies themselves, or even in their direct customers, which offer customized cloud software products. Rather, they intend to use them as proxies to attack subscribers and users further down the chain, which may include defense companies, government agencies, or contractors with valuable or classified information. Governments, contractors, and corporations increasingly rely on cloud services, partly for the flexibility they allow for services from multiple software vendors. In a recent case we mitigated at a cloud-based software company, APT29 did not attempt to take or otherwise compromise any data from the large software company itself. Rather, the hackers attempted to find which individuals in the software company hold information about or are connected to customers that are the ultimate targets. They initially reached these employees through phishing campaigns, and then were able to use a unique tool to take over and use their legitimate network connections as proxies to potentially reach the ultimate targets but remain undetected. The tool, which we discovered, does not siphon off information, but rather just allows the hackers to use accounts and connections as proxies to reach other targets. This targeting of certain employees, based on their potential connections to eventual targets, is a unique and new approach for APT29. It's a tedious process that the hackers carried out over time, perhaps for nearly a year, undetected inside the software supplier. Although this was the same group that the US government has blamed for the SolarWinds attack, this attack, from what we saw, was quite different. In this case, the hackers sought out possible connections only to certain customers of the software company rather than simply targeting everyone through a malicious software update as happened in the SolarWinds attack. The fine-tuned nature of the attacks points to the operatives receiving guidance and other intelligence beforehand from their handlers. Once the cyberattackers are inside software service providers, they gain not just the access but also the knowledge needed to carry out sophisticated phishing attacks on valuable targets that are connected to the software suppliers. It is easy to see how those working at the targets themselves would open up emails, and even download attachments that look like they come from their software service providers. Ultimately, this can lead to malware on the networks of government organizations and defense companies that allows the attackers ongoing access to valuable or classified information. This shows that no matter how well protected the end targets may think they are, there is increasingly a backdoor via their software supplier or anyone they have digital connections with. Because these actors are relying mainly on phishing to get into the software suppliers and the actual targets further down the chain, there is no easy technological solution, like patching a list of vulnerabilities. All of this means it is largely up to humans inside private-sector companies to prevent such attacks through the usual, although often ignored, methods, like using multifactor authentication and teaching employees to recognize phishing attempts. Our intelligence indicates that APT29 and other state actors will continue to target software supply chain companies, especially those that serve the military, defense, or key technology sectors in the US and Europe. The growing cloud computing sector is expected to be worth $1.25 trillion by 2028, and is vital to managing everything from infrastructure to supply chains to online banking. If not well secured, the software supply chain will continue to pose an enormous risk to national security and the economy. Vulnerabilities/ThreatsAdvanced Threats Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. Subscribe Recommended Reading: More Insights White Papers * Zero Trust and the Power of Isolation for Threat Prevention * Zero Trust in Real Life More White Papers Webinars * Cybersecurity Forecast 2022: Snowpocalypse or cloudy with a chance of rain? * Protecting Enterprise Data from Malicious Insiders More Webinars Reports * Zero Trust and the Power of Isolation for Threat Prevention * Zero Trust in Real Life More Reports Editors' Choice In Appreciation: Dark Reading's Tim Wilson Dark Reading Staff, Dark Reading 10 Stocking Stuffers for Security Geeks Ericka Chickowski, Contributing Writer The Dark Web Has Its Own People's Court Jai Vijayan, Contributing Writer 5 Tips to Stay on the Offensive and Safeguard Your Attack Surface Steve Ginty, Director, Threat Intelligence, RiskIQ Webinars * Cybersecurity Forecast 2022: Snowpocalypse or cloudy with a chance of rain? * Protecting Enterprise Data from Malicious Insiders * Cloud Security Strategies for Today's Enterprises * Creating an Encryption Strategy for Your Enterprise * The ROI Story: Identifying & Justifying Disruptive Technology More Webinars White Papers * Zero Trust and the Power of Isolation for Threat Prevention * Zero Trust in Real Life * Protecting Your Mainframe Against Relentless Ransomware * 2021 Ransomware Threat Report * Using ZTNA to Deliver the Experience Users Want More White Papers Events * SupportWorld Live: May 15-20, 2022, MGM Grand, Las Vegas, NV More Events More Insights White Papers * Zero Trust and the Power of Isolation for Threat Prevention * Zero Trust in Real Life More White Papers Webinars * Cybersecurity Forecast 2022: Snowpocalypse or cloudy with a chance of rain? * Protecting Enterprise Data from Malicious Insiders More Webinars Reports * Zero Trust and the Power of Isolation for Threat Prevention * Zero Trust in Real Life More Reports DISCOVER MORE FROM INFORMA TECH * Interop * InformationWeek * Network Computing * ITPro Today * Data Center Knowledge * Black Hat * Omdia WORKING WITH US * About Us * Advertise * Reprints FOLLOW DARK READING ON SOCIAL * * * * * Home * Cookies * Privacy * Terms Copyright © 2021 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG. This site uses cookies to provide you with the best user experience possible. By using Dark Reading, you accept our use of cookies. Accept