How FireEye attributed the SolarWinds hacking campaign to Russian spies

Written by Jun 15, 2021 | CYBERSCOOP

Careful data collection, specific keyword searches and the type of breach were factors that FireEye used to determine that Kremlin-sponsored hackers were behind one of the largest cyber-espionage operations in recent years.


The first revelations about what would come to be known as the SolarWinds campaign — in which spies exploited the federal contractor to breach nine U.S. government agencies and roughly 100 companies — occurred in early December 2020, when FireEye announced that hackers had stolen its security testing tools. The Milpitas-based company discovered that SolarWinds software was affected during the course of its own investigation, sparking examinations throughout U.S. national security circles that remain ongoing.


“We learned it’s fair game to hack the supply chain,” FireEye CEO Kevin Mandia said Tuesday during CyberTalks, a summit presented by CyberScoop.


While scrambling to understand the scope of the breach, FireEye investigators observed that the hackers had searched for specific keywords, an indication that they had specific intelligence-gathering goals, Mandia said. The intruders also logged in with the specific username and password belonging to every account they accessed, rather than relying on a single software backdoor, akin to a master key, that would have unlocked all of the data they needed.
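The tradecraft Mandia describes has a detection consequence: when every logon uses the correct credential for that account, there are no failed-logon events to alert on, so the signal has to come from one source fanning out across many distinct accounts with almost no failures. The following is an added example written for this page, not code from FireEye or from the article; the log lines, IP addresses, account names and thresholds are all constructed and chosen for illustration.

```python
"""Added example (not from the CyberScoop article or from FireEye).

Flags a source that authenticates successfully to many distinct accounts,
each with that account's own valid credential, within a short window, and
separates that pattern from password spraying (many failures, few
successes) and from an ordinary user re-authenticating to one account.
All log lines, addresses and account names below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log: timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2020-12-01T02:14:03Z 10.20.30.40 svc_backup SUCCESS
2020-12-01T02:15:11Z 10.20.30.40 jdoe SUCCESS
2020-12-01T02:16:45Z 10.20.30.40 asmith SUCCESS
2020-12-01T02:18:02Z 10.20.30.40 admin_sql SUCCESS
2020-12-01T02:19:30Z 10.20.30.40 svc_monitor SUCCESS
2020-12-01T02:21:08Z 10.20.30.40 kwong SUCCESS
2020-12-01T02:22:51Z 10.20.30.40 rlopez SUCCESS
2020-12-01T09:00:00Z 10.20.30.41 jdoe SUCCESS
2020-12-01T09:00:05Z 10.20.30.41 jdoe SUCCESS
2020-12-01T11:00:00Z 10.20.30.42 jdoe FAIL
2020-12-01T11:00:01Z 10.20.30.42 asmith FAIL
2020-12-01T11:00:02Z 10.20.30.42 kwong FAIL
2020-12-01T11:00:03Z 10.20.30.42 rlopez FAIL
2020-12-01T11:00:04Z 10.20.30.42 svc_backup FAIL
2020-12-01T11:00:05Z 10.20.30.42 admin_sql SUCCESS
"""


def parse(log_text):
    """Parse the constructed log format into (timestamp, src, account, outcome)."""
    events = []
    for line in log_text.splitlines():
        ts, src, account, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, account, outcome))
    return events


def find_credential_fanout(events, window=timedelta(hours=1), min_accounts=5, max_fail_ratio=0.1):
    """Return {source: sorted distinct accounts} for every source that logged in
    successfully to at least `min_accounts` distinct accounts inside some
    `window`, with a failure ratio no higher than `max_fail_ratio`.

    The failure-ratio cap is what distinguishes "right credential every time"
    from a spray; the distinct-account floor is what excludes a normal user
    re-authenticating to their own account.  Thresholds are illustrative.
    """
    by_src = defaultdict(list)
    for ts, src, account, outcome in events:
        by_src[src].append((ts, account, outcome))
    hits = {}
    for src, evs in by_src.items():
        evs.sort()
        failures = sum(1 for _, _, out in evs if out != "SUCCESS")
        if failures / len(evs) > max_fail_ratio:
            continue  # too many failures: spray or misconfiguration, not this pattern
        successes = [(ts, acct) for ts, acct, out in evs if out == "SUCCESS"]
        # Sliding window anchored at each successful logon.
        for i, (ts0, _) in enumerate(successes):
            accts = {acct for ts, acct in successes[i:] if ts - ts0 <= window}
            if len(accts) >= min_accounts:
                hits[src] = sorted(accts)
                break
    return hits


def classify_sources(events, min_accounts=5):
    """Label each source as valid-credential fan-out, password spray, or benign."""
    fanout = find_credential_fanout(events, min_accounts=min_accounts)
    by_src = defaultdict(list)
    for _, src, account, outcome in events:
        by_src[src].append((account, outcome))
    labels = {}
    for src, evs in by_src.items():
        failed_accounts = {acct for acct, out in evs if out != "SUCCESS"}
        if src in fanout:
            labels[src] = "valid-credential fan-out"
        elif len(failed_accounts) >= min_accounts:
            labels[src] = "password spray"
        else:
            labels[src] = "benign"
    return labels


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for src, accts in find_credential_fanout(evs).items():
        print(f"{src}: {len(accts)} distinct accounts, all valid credentials -> {accts}")
    print(classify_sources(evs))
```

On the constructed data, 10.20.30.40 is the only source flagged: seven accounts in under ten minutes and not a single failure. The spraying source 10.20.30.42 is excluded by its failure ratio even though it eventually succeeds, and 10.20.30.41 is a single user logging into one account. In a real environment the thresholds and window would need tuning against jump hosts, VPN concentrators and service accounts that legitimately authenticate as many identities.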


“What they were doing was using the exact right credential for everything they went into,” Mandia said. “That’s discipline, that’s training, that’s methodical. And I don’t see any nation doing that other than Russia.”


Within a month of FireEy ..
