US and UK Release Details on Russia's SolarWinds Hackers

The U.S. and U.K. released details on Friday about how Russia's foreign intelligence service operates in cyberspace, the latest effort to try to disrupt future attacks. From a report: The report contains technical resources about the group's tactics, including breaching email in order to find passwords and other information to further infiltrate organizations, in addition to providing software flaws commonly exploited by the hackers. It also offers details about how network administrators can counter the attackers' tactics. "The group uses a variety of tools and techniques to predominantly target overseas governmental, diplomatic, think-tank, health-care and energy targets globally for intelligence gain," the two countries wrote in a Friday report authored jointly by the U.K.'s National Cyber Security Centre and three U.S. agencies, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the National Security Agency.

Report link

[Charlotte]

The report can be found here [ncsc.gov.uk].

Re:

[Canberra1]

By exploiting common ... These agencies have the source code and the ability to close holes and sloppy work - run it through automated checkers/scanners. The fact this it is their negligence for NOT closing these holes - is the problem. Plus remaining customers of software companies who have put security as an afterthought. Given claims that lots of source has been purloined, it means the other side has a free hand while unpatched flaws get no attention. If you don't like it, then lift your game by correcti

Bollocks by Bloomberg (TM)

[kot-begemot-uk]

Here is the actual report: https://www.ncsc.gov.uk/files/... [ncsc.gov.uk]

I have not finished reading it yet, but it is so far (half-way through) the usual bollocks by attribution without any evidence of origin. The only positive change is an actual list of CVEs and exploits (most of them well known and in use by everyone and their dog).

The report also contains links to analysis of some of the components by third parties.

Need to finish reading it (probably after dinner).

Re:Bollocks by Bloomberg (TM)

[kot-begemot-uk]

Just finished reading it - the "proof" is that the targets are "interesting" to the Russians.

Well, f*cking hell, that means they are also interesting to Chinese, NK, Iran, Hezbollah and god knows who else. As far as proof goes that is NIL.

The other interesting parts are:

1 The key part of the malware is written in Go. That is a rather obvious development - you do not need to bother about runtime libs because it generates a big statically linked executable and it is relatively easy to write in.

2. The big (detected) fallout is not from Solarwinds. The big fallout is from Solarwinds being used to breach mimecast and get their hands on a certificate. That is something the write-up is very suspiciously skimpy on and that is the interesting part because mimecast is in use by UK govt, Uk parliament, most NATO governments, their dog and their cat.

Re:

[BardBollocks]

I expected this to be the same quality reporting we saw when New Knowledge faked Russian election interference and Bloomberg coverage of China Supermicro mainboard modifications.

In other words - complete unbelievable, unbacked, bullshit.

Russian thru the gate

[Bloozguy]

"The report contains technical resources about the group's tactics" Hypocritical projection much?

subject

[WarrenSantiago]

I am all for punishing Russia, China, but this is a breakdown in our National security agencies. Never again allow a corporation to develop software that can be hacked so easily. It’s time to develop a secure 2nd internet system that cannot be made available to the public and only for national security purposes. https://writemyessay.onl/write... [writemyessay.onl]