Russian Hackers Remain At Large, Cybersecurity Firm Says

JAKARTADAILY.ID - Last year's SolarWinds cyber espionage attempt by expert Russian state hackers seemingly hasn't slowed them down this year as they continue to steal data "relevant to Russian interests", the Associated Press reported today (December 7, 2021).

Although the number of government agencies and businesses hacked by the Foreign Intelligence Service of the Russian Federation (SVR) was lower this year, measuring the real damage they caused is difficult when approximately 100 entities were compromised, said Charles Carmakal, chief technical officer of prominent U.S. cybersecurity firm Mandiant on Monday.

"The companies that are getting hacked, they are also losing information," he said. "Not everybody is disclosing the incident(s) because they don't always have to disclose it legally."

As per the Mandiant report, these hackers established intrusion beachheads by employing IP addresses, a numeric identification that specifies a computer's location on the internet, that were physically close to the account they were attempting to penetrate.

The Russian cyber-surveillance unfolded primarily in the shadows while the US administration was consumed in 2021 by a new, eminently "noisy" and headline-grabbing cyber danger — ransomware attacks committed not by nation-state hackers but rather by criminal gangs. The firm claimed that the Kremlin has mainly shielded these gangs.

According to Mandiant experts, Russian hackers "continue to innovate and identify new techniques and tradecraft" that allow them to loiter on target networks, hamper detection, and confuse attempts to link breaches to them.

Consequently, security software has a tough time detecting a hacker acting as someone attempting to access their work account remotely using stolen credentials.

The SolarWinds hackers have previously targeted the U.S. Justice Department and several companies, like Microsoft and Mandiant. In response to the incident, the Biden administration issued sanctions in April, including against six Russian organizations that support the country's cyber capabilities.