Twenty Years of Russian Hacking
The recent cyber attacks against 18,000 public and private sector customers of SolarWinds' Orion network monitoring software go beyond traditional espionage; they are acts of cyber aggression by Russia against U.S. systems that have continued for twenty years. The Russian attacks on America started in 1996 with the Moonlight Maze attack, one of the first nation-state-sponsored cyber espionage campaigns. Russia was blamed for the Moonlight Maze attacks, which involved the theft of a massive amount of classified information from numerous government agencies, including the Department of Energy, NASA, and the Defense Department (DoD), as well as defense contractors and private sector entities. It severely compromised U.S. national security capabilities, systems, and interests.
The Moonlight Maze attack was sophisticated for the time; it routed communications through a third-party server to avoid detection and built back doors in systems so the attackers could reenter later to exfiltrate data. The campaign was carried out over a two-year period and was classified as an Advanced Persistent Threat (APT), a software threat so stealthy that it is difficult to detect. Moonlight Maze was initially viewed as a standalone attack but, over time, computer researchers and investigators began to see similar approaches used in other attacks. Ultimately, we realized the same Russian government-backed groups were behind all of them.
In 2008, a Russian hacking group named Turla started attacking U.S. military systems using deception, back doors, rootkits, and by infecting government websites. Russian intelligence was blamed for the attack. In 2017, nearly twenty years after Moonlight Maze, four computer researchers from Kaspersky Labs and King's College in London were able to obtain the third-party server used to route the Moonlight Maze attacks and link the Moonlight Maze attacks with Turla. The findings confirmed that the Russian state-sponsored attacks had been ongoing.
Fast forward to 2014-15, and Russia is back. A group called Cozy Bear, or APT 29, that is aligned with the Russian intelligence agency, SVR (the follow-on agency to the former KGB), was accused of hacking U.S. government agencies (including the White House and Pentagon email systems), the Democratic National Committee (DNC), private sector companies, and universities. Symantec stated in a 2015 report that it believed “that this group has a history of compromising governmental and diplomatic organizations since at least 2010.” APT-29 is the same group blamed for the SolarWinds attacks.
Another Russian hacking group known as APT-28, or Fancy Bear, hacked the DNC, as well as the White House, the German and Norwegian parliaments, the Organization for Security and Cooperation in Europe, journalists, and a wide range of other organizations and private sector entities. These attacks range from 2014 through 2020. The group was also accused of interfering with the U.S. elections in 2016 and 2020.