Massive attack on U.S. agencies, 'hack' of Signal and other cybersecurity events worldwide

We have rounded up the week’s most important cybersecurity news.

  • Several U.S. departments and government agencies fell victim to a cyberattack. The media call it one of the most high-profile hacks not only of the week but of decades, and link it to ‘Russian hackers’.
  • Cellebrite said it had hacked the privacy-focused messenger Signal. Experts say there is nothing to worry about.
  • The Russian Interior Ministry will create a cyberpolice unit within its structure.

Russian hackers blamed for an attack on the U.S. again

Late last week, media reported a breach of the Treasury Department’s systems and of one of the divisions of the U.S. Department of Commerce.

The attack was carried out through a breach of the software provider SolarWinds that compromised its Orion platform, FireEye representatives said. FireEye itself had previously been affected by the hackers’ actions. SolarWinds confirmed the Orion breach.

Over the course of the week, the scale of the problem grew. SolarWinds counted many government agencies among its customers, and versions of the software released between March and June 2020 were compromised.

The Wall Street Journal reported that infected versions reached 18,000 customers. How many were affected is unknown, but the list is expanding.

In addition to the Treasury and a unit of the Department of Commerce, the victims included the U.S. State Department, the Department of Homeland Security, the National Nuclear Security Administration, offices within the Department of Health and Human Services, and many other agencies.

Bloomberg reported that at least three U.S. states were victims. The breach also hit Microsoft.

According to The Washington Post, the attack was carried out by the Cozy Bear (also known as APT29) hacking group, which is linked to Russian intelligence services. The Russian embassy described the allegations as “baseless.”

The Russian Interior Ministry will create a cyberpolice unit

The Russian Ministry of Internal Affairs will create a cyberpolice unit within its structure, said Deputy Interior Minister Igor Zubov.

He said that, amid the pandemic, the number of cybercrimes has risen substantially, and society and youth face ‘enormous information pressure of a destructive nature’.

Cellebrite claims to have hacked Signal. Researchers say it’s not quite a hack

The Israeli company Cellebrite said it had found a way to hack the privacy-focused Signal messenger. The initial post was more detailed and described the technique, but was later significantly trimmed, probably in response to numerous comments from various experts.

Amnesty International security researcher Étienne Maynier said there is nothing revolutionary in the process Cellebrite described. Accessing Signal this way requires physical access to an unlocked device, and with that access one could read the messages of any messenger unless they are additionally protected.

The creator of Signal responded:

“They could have simply opened the app to view the messages.”

The alleged hacker of Trump’s Twitter account will not be punished

Dutch authorities will not prosecute cybersecurity analyst Victor Gevers, who claims to have hacked Donald Trump’s Twitter account.

He said he was auditing the Twitter accounts of U.S. election candidates when he managed to obtain Trump’s password.

The Dutch prosecutor said the hacker acted ‘ethically’ by publishing the information, and therefore will not be punished. Authorities handed the investigation data to the United States.

The White House denied the breach, and Twitter said it had no evidence of one.

Apple and Google will ban location-sharing technology

Apple and Google urged developers to remove X-Mode’s code from their apps. It was used to track users’ geolocation.

As reported by the media, X-Mode collects location data from apps and sells it to contractors. It could be purchased by the U.S. military.

Israeli companies hit by a large-scale cyberattack

Hackers breached the servers of dozens of large Israeli logistics companies and stole information with potential strategic significance.

According to researchers, the attack appears to be a “large-scale intelligence operation” and resembles the 2017 NotPetya attack, which is linked to the Russian General Staff’s Center for Special Technologies.

Also on ForkLog:

  • The DeFi project warp.finance lost $7.7 million as a result of an attack.
  • Malware that steals cryptocurrency was found in the RubyGems repository.
  • Ledger users lost another 60 BTC due to a data leak.
  • Finland, with Europol’s support, shut down the Sipulimarket dark-web marketplace.
  • A hacker breached the personal address of Nexus Mutual’s founder and demanded a ransom of 4500 ETH.
  • Operators of the DoppelPaymer ransomware forwarded 262 BTC to Binance.
  • Hackers put 250,000 MySQL databases up for sale on the dark web at 0.03 BTC each.

What to read this weekend?

Governments around the world are increasingly raising questions about police access to data protected by end-to-end encryption. Recently, Five Eyes members raised this again, and the EU published a document on the need for access by competent authorities to electronic evidence.

ForkLog dissected the document’s features and spoke to experts about whether end-to-end encryption could be banned.
