The Day

Dozens of companies, agencies burned in a single hack

-

Boston (AP) — The SolarWinds hacking campaign blamed on Russian spies and the “grave threat” it poses to U.S. national security are widely known. A very different — and no less alarming — coordinate­d series of intrusions also detected in December has gotten considerab­ly less public attention.

Nimble, highly skilled criminal hackers believed to operate out of Eastern Europe hacked dozens of companies and government agencies on at least four continents by breaking into a single product they all used.

The victims include New Zealand’s central bank, Harvard Business School, Australia’s securities regulator, the high-powered U.S. law firm Jones Day — whose clients include former President Donald Trump — the rail freight company CSX and the Kroger supermarke­t and pharmacy chain.

The two-stage mega-hack in December and January of a popular file-transfer program from the Silicon Valley company Accellion highlights a threat that security experts fear may be getting out of hand: intrusions by top-flight criminal and state-backed hackers into software supply chains and third-party services.

The casualties keep piling up, with many being extorted by the Russian-speaking Clop cybercrimi­nal gang, which threat researcher­s believe may have bought pilfered data from the hackers. Their threat: Pay up or we leak your sensitive data online.

Newspapers in English

Newspapers from USA