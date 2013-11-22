The hacking group Microsoft ID'd is among the world's most cutthroat and skilled
Microsoft on Thursday fingered Russia's military intelligence arm as the likely culprit behind ransomware attacks last month that targeted Polish and Ukrainian transportation and logistics organizations.
If the assessment by members of the Microsoft Security Threat Intelligence Center (MSTIC) is correct, it could be cause for concern for the US government and its European counterparts. Poland is a member of NATO and a staunch supporter of Ukraine in its bid to stave off an unprovoked Russian invasion. The hacking group the software company linked to the cyberattacks—known as Sandworm in wider research circles and Iridium in Redmond, Washington—is one of the world's most talented and destructive and is widely believed to be backed by Russia's GRU military intelligence agency.
Sandworm has been definitively linked to the NotPetya wiper attacks of 2017, a global outbreak that a White House assessment said caused $10 billion in damages, making it the most costly hack in history. Sandworm has also been definitively tied to hacks on Ukraine's power grid that caused widespread outages in December 2015 and again in December 2016.
Last month, Microsoft said that transportation and logistics organizations in Poland and Ukraine had been the target of cyberattacks that used never-before-seen ransomware that announced itself as Prestige. The threat actors, Microsoft said, had already gained control over the victim networks. Then, within a single hour on October 11, the hackers deployed Prestige across all of their victims.
Once in place, the ransomware traversed all files on the infected system and encrypted the contents of files ending in .txt, .png, .gpg, and more than 200 other extensions. Prestige then appended .enc to the file's existing extension, so that notes.txt became notes.txt.enc. Microsoft initially attributed the attack to a previously unknown threat group it designated DEV-0960.
On Thursday, Microsoft updated the report to say that based on forensic artifacts and overlaps in victimology, tradecraft, capabilities, and infrastructure, researchers determined DEV-0960 was very likely Iridium.
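The file-handling behaviour described above (walk the file system, encrypt files with targeted extensions, append .enc after the existing extension, and do it on every victim within an hour) is something a defender can hunt for in file-system telemetry. What follows is an added example, not code from the original article or from Microsoft's report: a small Python detector that flags a host when it sees a burst of renames of the form name.ext -> name.ext.enc for targeted extensions. The log line format is constructed for this example and is not a real EDR schema, the TARGET_EXTENSIONS set is a small sample standing in for the 200+ extensions Microsoft describes (the full list is not on this page), and the sample events are constructed.

```python
"""Added example: flag Prestige-style mass renames in file-system event logs.

Assumptions (not from the original article): the constructed log format below,
the small sample extension set, and the constructed SAMPLE_EVENTS.
"""
import ntpath
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Sample stand-in for the 200+ extensions Microsoft describes (assumption).
TARGET_EXTENSIONS = {".txt", ".png", ".gpg", ".docx", ".xlsx", ".pdf"}
RANSOM_SUFFIX = ".enc"

# Constructed line format (hypothetical, not a real EDR/Sysmon schema):
#   <ISO timestamp> <host> RENAME <old_path> -> <new_path>
LINE_RE = re.compile(r"^(\S+) (\S+) RENAME (\S+) -> (\S+)$")


def is_prestige_style_rename(old_path, new_path):
    """True when the rename appends .enc to a file whose existing extension is targeted.

    Prestige keeps the original extension and adds .enc after it, so the new
    name must be exactly old name + ".enc"; a rename that changes the base
    name (notes.txt -> notes_old.txt) does not count.
    """
    if new_path != old_path + RANSOM_SUFFIX:
        return False
    ext = ntpath.splitext(old_path)[1].lower()  # Windows paths, split on the last dot
    return ext in TARGET_EXTENSIONS


def detect_mass_rename(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {host: ISO time of first alert} for hosts that reach `threshold`
    matching renames inside a sliding `window`. A burst on one host is the
    signal; a lone .enc rename is not.
    """
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated or malformed line
        ts_s, host, old, new = m.groups()
        if is_prestige_style_rename(old, new):
            events.append((datetime.fromisoformat(ts_s), host))
    events.sort()  # logs from several hosts arrive interleaved

    recent = defaultdict(deque)  # host -> timestamps of hits inside the window
    alerts = {}
    for ts, host in events:
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts.isoformat()
    return alerts


# Constructed sample events: ws01 is hit in a burst, ws02 sees three targeted
# renames plus one for an untargeted extension, ws03 renames slowly over ten minutes.
SAMPLE_EVENTS = r"""
2022-10-11T13:00:00 ws01 RENAME C:\Users\a\doc1.txt -> C:\Users\a\doc1.txt.enc
2022-10-11T13:00:00 ws03 RENAME C:\Users\c\f1.txt -> C:\Users\c\f1.txt.enc
2022-10-11T13:00:01 ws01 RENAME C:\Users\a\pic.png -> C:\Users\a\pic.png.enc
2022-10-11T13:00:01 ws02 RENAME C:\Users\b\archive.tar -> C:\Users\b\archive.tar.enc
2022-10-11T13:00:02 ws01 RENAME C:\Users\a\key.gpg -> C:\Users\a\key.gpg.enc
2022-10-11T13:00:02 ws01 RENAME C:\Users\a\notes.txt -> C:\Users\a\notes_old.txt
2022-10-11T13:00:03 ws01 RENAME C:\Users\a\plan.docx -> C:\Users\a\plan.docx.enc
2022-10-11T13:00:04 ws01 RENAME C:\Users\a\q3.xlsx -> C:\Users\a\q3.xlsx.enc
2022-10-11T13:00:05 ws01 RENAME C:\Users\a\memo.pdf -> C:\Users\a\memo.pdf.enc
2022-10-11T13:00:10 ws02 RENAME C:\Users\b\one.txt -> C:\Users\b\one.txt.enc
2022-10-11T13:00:11 ws02 RENAME C:\Users\b\two.txt -> C:\Users\b\two.txt.enc
2022-10-11T13:00:12 ws02 RENAME C:\Users\b\three.txt -> C:\Users\b\three.txt.enc
2022-10-11T13:02:00 ws03 RENAME C:\Users\c\f2.txt -> C:\Users\c\f2.txt.enc
2022-10-11T13:04:00 ws03 RENAME C:\Users\c\f3.txt -> C:\Users\c\f3.txt.enc
2022-10-11T13:06:00 ws03 RENAME C:\Users\c\f4.txt -> C:\Users\c\f4.txt.enc
2022-10-11T13:08:00 ws03 RENAME C:\Users\c\f5.txt -> C:\Users\c\f5.txt.enc
2022-10-11T13:10:00 ws03 RENAME C:\Users\c\f6.txt -> C:\Users\c\f6.txt.enc
""".strip().splitlines()

if __name__ == "__main__":
    print(detect_mass_rename(SAMPLE_EVENTS))  # {'ws01': '2022-10-11T13:00:04'}
```

With the defaults only ws01 alerts: five targeted renames within five seconds. ws02 never reaches the threshold (and its archive.tar.enc rename is ignored because .tar is not in the sample set, which is the trade-off of an extension allow-list: fewer false positives, but an encryptor that also hits unlisted extensions is under-counted), and ws03's renames are too spread out for a 60-second window. Threshold and window are the knobs to tune against a baseline of legitimate bulk renames; since the page describes the deployment landing on all victims inside one hour, correlating alerts across hosts in the same hour is the natural next step.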
(Score: 1) by khallow on Tuesday November 15, @02:47AM
So those sanctions work? Good. And let us keep in mind that if Russia didn't want to run afoul of the imperialist warmongers, they merely needed to not invade Ukraine.
I find it interesting how Orwellian the language is here. Russia did a blatantly imperialistic warmongering move in invading Ukraine. True fact. Yet when the media (no doubt the Western media propagandists) reports a relatively mild Russian shenanigan, the reporting is superserious warmongering. Well, how much war have the decades of reporting on this sort of hacking resulted in? Not much - if you choose to look.
It's time to think for yourself. Not kiss Big Brother's ass.
(Score: 3, Insightful) by Gaaark on Monday November 14, @04:52PM (7 children)
Is this not really ANOTHER reason to drop Microsoft's products altogether?
At least to put everything onto linux and have Windoze running in a VM?
Soooo... how's that TCO working for you, Windows users? Lower than switching to linux? That's just for one attack...
(Score: 3, Interesting) by canopic jug on Monday November 14, @05:40PM (6 children)
These ongoing breaches have been caused by the capture of most of the Ukrainian infrastructure by M$ which has shoehorned what it can into the failure labeled Azure. M$ is then able to fake growth for Azure by "donating" so much of its otherwise vacant capacity.
As a side effect, Ukraine's infrastructure is fully permeable by hostile actors at a level never before even imaginable. Even though Ukraine is getting these "services" at a very low financial cost, it is coming at the cost of their systems' integrity and availability. There's your TCO for you. As far as Ukraine is concerned M$ is a very hostile actor in this context. The only benefit would be that the US has complete and thorough oversight of every activity inside Azure. However, that benefit comes at the cost of the Kremlin having a rather easy time of making hostilities on the cyber front.
"have been caused by the capture of most of the Ukrainian infrastructure by"
what part of Ukrainian infrastructure hasn't been captured by corrupt western powers?
(Score: 1) by khallow on Tuesday November 15, @02:49AM
The part that hasn't been invaded by Russia?
(Score: 2) by Sjolfr on Monday November 14, @08:34PM
Ransomware/viruses/spyware/worms/you-name-it ... seems to only exist in M$ environments. Hmmmm .....
(Score: 2) by Snotnose on Monday November 14, @09:12PM (2 children)
Russia (and everyone else) attacks Windows because 90% of the computers they care about run it. I suspect that at this point Windows is one of the most secure systems out there today.
What do you think will happen when 90% of the attacks go against Linux systems? I'm guessing a whole lot of them will be effective, because Linux, much as I love it, hasn't had to deal with the onslaught Windows has. Granted, Linux is more secure by design because it came from a world of multiple users on a single machine, whereas Windows didn't even have an admin account until they were forced to.
(Score: 0) by Anonymous Coward on Monday November 14, @11:21PM
Umm, you probably need to follow your advice a little. It's not even a Windows vs Linux or Cloud vs Physical DCs debate. Having worked in lots of organizations across different sectors for the last 20+ years, it's how corporations view IT as a cost and continue to try to minimize operational costs and continue to get away with doing the bare minimum when it comes to cyber security.
(Score: 2) by Gaaark on Tuesday November 15, @01:47AM
More servers run linux than Windows:
https://w3techs.com/technologies/comparison/os-linux,os-windows [w3techs.com]
Servers are where the data is. Why do they not hack linux servers as much as they do Windows servers? Because Windows servers are easier to hack.
https://soylentnews.org/article.pl?sid=22/11/13/1343217 [soylentnews.org]
THAT didn't happen on linux servers.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 2) by jb on Tuesday November 15, @02:36AM
There, FTFY.
Think that's going too far? Then think again. These days that bunch of crooks actually ship spyware baked into the operating system itself. In infosec today, if you think of Microsoft as anything other than yet another adversary then you've completely misunderstood the problem...