Report says Russian hackers still spying
WASHINGTON – The elite Russian state hackers behind last year’s massive SolarWinds cyberespionage campaign hardly eased up this year, managing plenty of infiltrations of U.S. and allied government agencies and foreign policy think tanks with consummate craft and stealth, a leading cybersecurity firm reported Monday.
On the anniversary of the public disclosure of the SolarWinds intrusions, Mandiant said the hackers associated with Russia’s SVR foreign intelligence agency continued to steal data “relevant to Russian interests” with great effect using novel, stealthy techniques that it detailed in a mostly technical report aimed at helping security professionals stay alert.
It was Mandiant, not the U.S. government, that disclosed SolarWinds.
While the number of government agencies and companies hacked by the SVR was smaller this year than last, when some 100 organizations were breached, assessing the damage is difficult, said Charles Carmakal, Mandiant’s chief technical officer. Overall, the impact is quite serious. “The companies that are getting hacked, they are also losing information.”
The Russian cyber spying unfolded mostly in the shadows as the U.S. government was consumed in 2021 by a separate, eminently “noisy” and headline-grabbing cyber threat – ransomware attacks launched not by nation-state hackers but rather by criminal gangs. As it happens, those gangs are largely protected by the Kremlin.
The Mandiant findings follow an October report from Microsoft that the hackers, whose umbrella group it calls Nobelium, continue to infiltrate government agencies, foreign policy think tanks and other organizations focused on Russian affairs through cloud service companies.
Mandiant researchers said the Russian hackers “continue to innovate and identify new techniques and tradecraft” that let them linger in victim networks, hinder detection and confuse attempts to attribute hacks to them. In short, Russia’s most elite state-backed hackers are as crafty and adaptable as ever.