URL: https://briefly.co/anchor/privacy_professionals/story/why-the-private-sector-is-key-to-stopping-russian-hacking-gro...
Dark Reading
Why the Private Sector Is Key to Stopping Russian Hacking Group APT29
As the Russian cyber threat heats up, it is becoming clearer that the protection
of US and European national interests is increasingly in the hands of civilians
at IT and software companies.
American and European IT businesses that on the surface have nothing to do with
the government are unwittingly serving as stepping-stones for enemy state
cyberattacks and espionage campaigns.
If these attacks are successful, they could not only have devastating effects on
government and military secrets but also jeopardize trust in the software supply
chain that is increasingly at the heart of the modern economy.
During recent months, my company, along with other large companies, including
Microsoft, has seen the Russian hacking group APT29 - blamed for the massive
SolarWinds cyberattack and the 2015 infiltration of the Democratic National
Committee - quietly trying to gain access to large IT companies, mainly those
that offer cloud-based software services to businesses and government
organizations.
The threat of damage looms large, especially because the agile and deep-pocketed
group shows no signs of stopping.
APT29 will continue to target individual workers at software supply chain
companies, mainly through phishing campaigns, and use hard-to-detect, unique
tools to turn these service providers into proxies for carrying out espionage
attacks against sensitive targets like military or government agencies.
APT29 is not interested in Microsoft or other IT companies themselves, or even
in their direct customers, which offer customized cloud software products.
Rather, they intend to use them as proxies to attack subscribers and users
further down the chain, which may include defense companies, government
agencies, or contractors with valuable or classified information.
Governments, contractors, and corporations increasingly rely on cloud services,
partly for the flexibility they allow for services from multiple software
vendors.
In a recent case we mitigated at a cloud-based software company, APT29 did not
attempt to take or otherwise compromise any data from the large software company
itself.
Rather, the hackers attempted to find which individuals in the software company
hold information about or are connected to customers that are the ultimate
targets.
They initially reached these employees through phishing campaigns, and then were
able to use a unique tool to take over and use their legitimate network
connections as proxies to potentially reach the ultimate targets but remain
undetected.
The tool, which we discovered, does not siphon off information, but rather just
allows the hackers to use accounts and connections as proxies to reach other
targets.
This targeting of certain employees, based on their potential connections to
eventual targets, is a unique and new approach for APT29.
It's a tedious process that the hackers carried out over time, perhaps for
nearly a year, undetected inside the software supplier.
Although this was the same group that the US government has blamed for the
SolarWinds attack, this attack, from what we saw, was quite different.
In this case, the hackers sought out possible connections only to certain
customers of the software company rather than simply targeting everyone through
a malicious software update as happened in the SolarWinds attack.
The fine-tuned nature of the attacks points to the operatives receiving guidance
and other intelligence beforehand from their handlers.
Once the cyberattackers are inside software service providers, they gain not
just the access but also the knowledge needed to carry out sophisticated
phishing attacks on valuable targets that are connected to the software
suppliers.
It is easy to see how those working at the targets themselves would open up
emails, and even download attachments that look like they come from their
software service providers.
Ultimately, this can lead to malware on the networks of government organizations
and defense companies that allows the attackers ongoing access to valuable or
classified information.
This shows that no matter how well protected the end targets may think they are,
there is increasingly a backdoor via their software supplier or anyone they have
digital connections with.
Because these actors are relying mainly on phishing to get into the software
suppliers and the actual targets further down the chain, there is no easy
technological solution, like patching a list of vulnerabilities.
All of this means it is largely up to humans inside private-sector companies to
prevent such attacks through the usual, although often ignored, methods, like
using multifactor authentication and teaching employees to recognize phishing
attempts.
Our intelligence indicates that APT29 and other state actors will continue to
target software supply chain companies, especially those that serve the
military, defense, or key technology sectors in the US and Europe.
The growing cloud computing sector is expected to be worth $1.25 trillion by
2028, and is vital to managing everything from infrastructure to supply chains
to online banking.
If not well secured, the software supply chain will continue to pose an enormous
risk to national security and the economy.