News Swiss information security experts gained access to the servers of hackers who attacked SolarWinds

Experts were able to find out who the attackers attacked and how they conducted their operations.

Specialists of the Swiss information security company Prodaft managed to gain access to the servers used by the hacker group associated with the hacking of SolarWinds. Thanks to this, they were able to find out who the attackers attacked and how they conducted their operations. According to experts, the hacking operation was still ongoing this month.

Information security experts managed to hack the computer infrastructure belonging to cybercriminals and study the details of a large-scale malicious campaign that took place from March to August last year. During the campaign, the attackers targeted thousands of companies and government organizations in Europe and the United States. The cybercrime group, named SilverFish by researchers, was focused on espionage and data theft, Prodaft reported.

According to the researchers, SilverFish carried out "extremely sophisticated" cyber attacks on at least 4,720 victims, including government agencies, IT providers, dozens of banks, EU organizations, large audit and consulting firms, as well as on the world leaders in the COVID-19 testing market, aviation and defense technologies.

In the attacks on the victims, the attackers used not only the backdoor in the SolarWinds software, but also other methods. Prodaft experts do not attribute SilverFish to the government of any particular country, but specify that it is an APT group. According to them, the hackers show signs of a government-funded group. In particular, they do not pursue financial gain, and they attack critical infrastructure.

However, a more detailed analysis is required in order to attribute the group to a particular government. For example, the Prodaft report does not imply that hackers from Russia are behind the attacks (according to the US authorities, the Russians are responsible for the SolarWinds attacks).

The report of the Swiss information security company was received with skepticism by many American experts in the field of cybersecurity, who believe that the cyberattacks are an operation of Russian cyber spies. However, researchers at Malwarebytes described Prodaft's findings as "sound."

The company's specialists also talked about how the attackers carried out their operation. According to them, the hackers worked during standard working hours - from Monday to Friday from 8:00 to 20:00. Their servers are located in Russia and Ukraine, and some of them are also used by the Evil Corp group.

The group is an "extremely well-organized" cyber espionage organization, consisting of four teams named 301, 302, 303, and 304. SilverFish attacked government organizations and large corporations, including those from the Fortune 500. At the same time, the hackers were not interested in organizations in Russia, Ukraine, Uzbekistan and Georgia. Organizations in the United States (2,465 organizations) and Europe (1,466 organizations), including Italy, the Netherlands, Denmark, Austria, France and the United Kingdom, suffered the most from hackers.

The hackers wrote comments "in Russian slang and vernacular," while English was the second main language. The source code also contained identification numbers and aliases, including "new hacker," "cyberbro netsupport" and "walter," for 14 people who likely worked under four teams, the report said.
 