Tag Archive for: investigators

Investigators work to determine scope of ransomware attack that hit Virginia IT agency



The Virginia State Capitol on Wednesday April 1, 2020, in Richmond, Va. (AP Photo/Steve Helber)

RICHMOND, Va. (WRIC) – Investigators looking into the ransomware attack on the Virginia legislature’s information technology agency won’t know more about its scope until just after the new year — or at least that’s the hope.


A law enforcement investigation led by Virginia State Police is underway and the agency hit with the attack, the Division of Legislative Automated Systems (DLAS), is performing a forensic analysis.

DLAS teams working to fix the issue are conducting a “meticulous, around-the-clock forensic analysis” of the agency’s systems, servers and all connection points, according to its director Dave Burhop.

“A full forensic analysis generally takes several weeks to complete for a digital footprint that’s the size of our legislative systems and we are hoping to have the initial analysis completed just after the new year,” Burhop wrote in an email to 8News.  

The attack affected the computer systems for Virginia’s legislative agencies and commissions, including the Division of Legislative Services and the Division of Capitol Police. DLAS’ internal servers, including the system lawmakers use to draft and modify bills, were impacted as well.

With the 2022 legislative session set to begin Jan. 12, concern has grown over how the attack may affect operations for state lawmakers. Despite this, legislators have been able to file their bills for the upcoming session.

In a ransomware attack, intruders break into a computer network, encrypt the victim's data so it cannot be used, and demand a ransom payment in exchange for the key needed to decrypt it. Paying does not guarantee that a working decryptor is delivered.

The cybercriminals who hit DLAS provided a note “but details are scant”…


Iran-backed hackers exploited Microsoft, pose major cyber threat, investigators say


Government cybersecurity and law enforcement agencies in the U.S., Britain, and Australia have issued a joint advisory labeling an Iran-sponsored group a serious cyber security threat.

The Cybersecurity and Infrastructure Security Agency (CISA), FBI, Australian Cyber Security Centre (ACSC), and the UK's National Cyber Security Centre (NCSC) released a joint cybersecurity advisory Wednesday that linked a group of hackers to the Iranian government.

The agencies also labeled the group an advanced persistent threat (APT) after it exploited vulnerabilities in Fortinet devices and Microsoft Exchange servers, activity observed since March and October respectively. The group used that initial access as part of an ongoing operation to deploy ransomware.

The advisory notes the group has actively targeted “a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations.”


Authorities did not name the Iranian actors or tie them to a specific group working for the government.

Cybersecurity agencies in all three countries urged any organization running Microsoft Exchange or Fortinet products to investigate suspicious activity in their networks.

The U.S. has identified a number of foreign ransomware attacks over the past two years, most notably those carried out by the Ryuk and DarkSide groups, which authorities tied to criminals based in Russia but not to the Russian government.


Ryuk orchestrated a number of attacks on U.S. health care organizations and facilities during the peak of the coronavirus pandemic, delaying potentially life-saving treatments for patients, according to Radio Free Europe.

U.S. authorities tied DarkSide to the Colonial Pipeline ransomware attack in May 2021.

Earlier this year, the Biden administration imposed sanctions on Russia for the SolarWinds hack, which began in 2020 when malicious code was inserted into legitimate software updates for SolarWinds' widely used network-monitoring platform, reaching the businesses and government agencies that installed them.



Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say



Almost a third of the victims did not run the SolarWinds Corp. software initially considered the main attack route for the hackers, according to investigators and the government agency looking into the incident. The revelation has raised concern that the campaign exploited weaknesses in enterprise software used by millions of people every day.


Hackers linked to the attack broke into these systems by exploiting known bugs in software products, guessing passwords online, and taking advantage of a variety of issues in the way Microsoft Corp.'s cloud-based software had been configured, according to the researchers.

About 30% of both private and government victims linked to the campaign had no direct affiliation with SolarWinds, Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, said in an interview.

The attackers “gained access to their targets in various ways. This adversary has been creative,” said Mr. Wales, whose agency, part of the United States Department of Homeland Security, is coordinating the government’s response. “It is absolutely correct that this campaign should not be viewed as the SolarWinds campaign.”

Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, at a Senate subcommittee hearing in December. Photo: Rod Lamkey – Cnp / Zuma Press

Corporate investigators have come to the same conclusion. Last week, computer security company Malwarebytes Inc. said that some of its Microsoft cloud email accounts were compromised by the same attackers who hit SolarWinds, using what Malwarebytes called “another intrusion vector.” The hackers broke into a Malwarebytes Microsoft Office 365 account and took advantage of a weakness in the software’s configuration to reach a larger number of email accounts, Malwarebytes said. The company said it does not use SolarWinds software.

The incident showed how advanced attackers could jump from one cloud…


FBI-Apple case: Investigators hack San Bernardino attacker’s iPhone without Apple’s help

This undated combination of photos provided by the FBI, left, and the California Department of Motor Vehicles shows Tashfeen Malik, left, and Syed Farook. Photo: PTI The FBI has unlocked the iPhone used by one of the San Bernardino attackers, officials …