U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

SolarWinds hackers breached 27 state attorneys’ offices

Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were breached by the Russia-linked SVR group as part of the SolarWinds hack, DoJ warns. The US Department of Justice revealed that the Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were hacked by the Russia-linked SVR (aka APT29, Cozy Bear, and The Dukes) during the SolarWinds attack. The […]

Scattered Spider DOJ

Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were breached by the Russia-linked SVR group as part of the SolarWinds hack, DoJ warns.

The US Department of Justice revealed that the Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were hacked by the Russia-linked SVR (aka APT29Cozy Bear, and The Dukes) during the SolarWinds attack.

The news of the intrusion was first acknowledged in a statement issued by DoJ on January 6, 2021, at the time the Department said that this activity constituted a major incident under the Federal Information Security Modernization Act (FISMA).  After learning of the security breach, the Office of the Chief Information Officer fixed the issue exploited by the hackers and notified the appropriate federal agencies, Congress, and the public as warranted.

The list of impacted state attorneys’ offices includes:

  • Central District of California;
  • Northern District of California;
  • District of Columbia;
  • Northern District of Florida;
  • Middle District of Florida;
  • Southern District of Florida;
  • Northern District of Georgia;
  • District of Kansas;
  • District of Maryland;
  • District of Montana;
  • District of Nevada;
  • District of New Jersey;
  • Eastern District of New York;
  • Northern District of New York;
  • Southern District of New York;
  • Western District of New York;
  • Eastern District of North Carolina;
  • Eastern District of Pennsylvania;
  • Middle District of Pennsylvania;
  • Western District of Pennsylvania;
  • Northern District of Texas;
  • Southern District of Texas;
  • Western District of Texas;
  • District of Vermont;
  • Eastern District of Virginia;
  • Western District of Virginia; and
  • Western District of Washington.

“The Department is responding to this incident as if the Advanced Persistent Threat (APT) group responsible for the SolarWinds breach had access to all email communications and attachments found within the compromised O365 accounts. The APT is believed to have access to compromised accounts from approximately May 7 to December 27, 2020.  The compromised data included all sent, received, and stored emails and attachments found within those accounts during that time.” reads the update provided by DoJ. “While other districts were impacted to a lesser degree, the APT group gained access to the O365 email accounts of at least 80 percent of employees working in the U.S. Attorneys’ offices located in the Eastern, Northern, Southern, and Western Districts of New York.”

According to DoJ, the state-sponsored hackers compromised the Office 365 email accounts of at least 80 percent of employees from US Attorneys’ offices located in the Eastern, Northern, Southern, and Western Districts of New York.

The intrusion took place between May 7 to December 27, 2020.

In April, The U.S. and UK formally attributed with “high confidence” the SolarWinds supply chain attack to Russia’s Foreign Intelligence Service (SVR).

The SVR also stole “red team tools,” used by security firms to mimic the techniques of attacks associated with known threat actors and help their customers to detect them.  

In April, the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) published a joint advisory that warned that Russia-linked APT group SVR was exploiting five vulnerabilities in attacks against U.S. targets.

Cyberspies leveraged these flaws to obtain login credentials and use them to break into networks of US organizations and government agencies.

The vulnerabilities listed in the advisory are:

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, SVR )

[adrotate banner=”5″]

[adrotate banner=”13″]