Russian Sanctions by US Government - ThreatWire

By Shannon Morse, ThreatWire!  https://www.patreon.com/threatwire

The US Government and the Biden Administration have announced formal accusations against the Russian government and several hacking groups, naming them as the source of the SolarWinds supply chain attack and of attacks against five critical security issues that are being actively exploited. This isn’t the first time Russia has been named as the perpetrator of the SolarWinds hacks, but these are the first formal accusations we’re seeing.

In the brief, the White House explained that the hacker group Cozy Bear (AKA APT29 or The Dukes), operating as part of the Russian Foreign Intelligence Service (the SVR), was the author of the SolarWinds exploit and was actively carrying out attacks. Alongside the sanctions announcement, the NSA, CISA, and the FBI shared a joint advisory warning about five vulnerabilities that the SVR is currently exploiting against US-based organizations.

The sanctions come from the Treasury Department and include several Russian companies for their involvement in “harmful activities” with the SVR, Russia’s Federal Security Service (FSB) and Russia’s Main Intelligence Directorate (the GRU). These include ERA Technopolis, a research and technology park; Pasit, Neobit, AST, and Positive Technologies (all IT companies alleged to be involved); and SVA, a Russian state-owned research institute. The sanctions mean no US company can do business with them without applying for a specific license from OFAC, the Office of Foreign Assets Control.

According to the documents, these companies have worked closely with the Russian government to supply offensive hacking tools and reconnaissance operations.

To further impose costs on Russia, the US government is also expelling 10 Russian officials from DC. The White House also named several Russian firms involved in disinformation campaigns, including SouthFront, who alleged voter fraud in 2020, and NewsFront, who spreads misinformation about vaccines. Also sanctioned were some Russian cryptocurrencies.

The five vulnerabilities mentioned all have CVEs and patches. They include flaws in the Fortinet FortiGate VPN, Synacor Zimbra Collaboration Suite, Pulse Secure Pulse Connect Secure VPN, Citrix Application Delivery Controller and Gateway, and VMware Workspace ONE Access. The NSA recommends updating and patching systems, disabling remote management capabilities, blocking unused protocols, and preparing for incident response in the event a hack happens.


Russian Sanctions by the US Government:
https://www.theverge.com/2021/4/15/22385371/russia-sanctions-solarwinds-biden-white-house-putin-hack
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/#pop5008885
https://www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/
https://home.treasury.gov/news/press-releases/jy0127
https://www.cyberscoop.com/us-government-accuses-russian-companies-recruiting-spies-hacking/
https://www.cyberscoop.com/biden-russia-solarwinds-sanctions-white-house/
https://twitter.com/NSACyber/status/1382667579458777088
https://threatpost.com/nsa-security-bugs-active-nation-state-cyberattack/165446/