United States
Cyber-security
Bear hunt
Hackers have vaulted into the heart of America’s government
On September 25th Russia’s president, Vladimir Putin, warned that a “large-scale confrontation in the digital sphere” was looming. He offered a solution. Russia and America would “exchange guarantees of non-interference in each other’s internal affairs, including electoral processes, including using ICT”—in short, a cybertruce. Even as he spoke, his hackers were apparently deep inside some of America’s most sensitive networks.
American officials claim that a group of hackers known as APT29, or more evocatively as Cozy Bear, thought to be part of the SVR, Russia’s foreign intelligence service, penetrated several American government bodies—the list so far includes the Treasury, Commerce, State and Homeland Security Departments, along with the National Institutes of Health—where they could read emails at will. It appears to be one of the largest-ever acts of digital espionage against America.
The intrusion took a circuitous route. Between March and June, SolarWinds, a Texan company, pushed out updates to its Orion software, which is widely used to help organisations monitor their networks. The malware hitched a ride on those updates. Once downloaded, it allowed hackers to impersonate an organisation’s system administrators, who typically have the run of the entire network. It cleverly funnelled out data by disguising it as legitimate traffic while parrying anti-virus tools. Once inside, intruders can remain present even if Orion is disconnected.