In the SolarWinds case late last year, targeting the supply chain meant that Russian hackers subtly changed the computer code of network-management software used by companies and government agencies, surreptitiously inserting the corrupted code just as it was being shipped out to 18,000 users.
Once those users updated to a new version of the software — much as tens of millions of people update an iPhone every few weeks — the Russians suddenly had access to their entire network.
In the latest attack, the S.V.R., known as a stealthy operator in the cyberworld, used techniques more akin to brute force. As described by Microsoft, the incursion primarily involved deploying a huge database of stolen passwords in automated attacks intended to get Russian government hackers into Microsoft’s cloud services. It is a messier, less efficient operation — and it would work only if some of the resellers of Microsoft’s cloud services had not imposed some of the cybersecurity practices that the company required of them last year.
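The automated, many-accounts-at-once pattern described above is what defenders call a password spray, and it leaves a distinctive trace in sign-in logs. The following detector is an added example, not code from the article or from Microsoft; the log format, the sample events and the thresholds are all constructed assumptions.

```python
"""Password-spray detector over constructed sign-in log lines (example code)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real data): timestamp, source IP, account, result
SAMPLE_LOG = """\
2021-10-25T08:00:01Z 203.0.113.7 alice@example.test FAIL
2021-10-25T08:00:03Z 203.0.113.7 bob@example.test FAIL
2021-10-25T08:00:05Z 203.0.113.7 carol@example.test FAIL
2021-10-25T08:00:09Z 203.0.113.7 dave@example.test FAIL
2021-10-25T08:00:12Z 203.0.113.7 erin@example.test SUCCESS
2021-10-25T08:01:00Z 198.51.100.4 alice@example.test FAIL
2021-10-25T08:01:30Z 198.51.100.4 alice@example.test SUCCESS
"""

def parse(line):
    ts, ip, account, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, result

def detect_spray(log_text, window=timedelta(minutes=10), min_accounts=4):
    """Return {ip: sorted accounts} for sources that failed against at least
    `min_accounts` distinct accounts inside any `window`-long span.
    A spray tries few guesses against many accounts, so we key on distinct
    accounts per source rather than on failures per account (which is what a
    per-account lockout policy sees, and what a spray is built to stay under)."""
    events = sorted(parse(l) for l in log_text.strip().splitlines())
    by_ip = defaultdict(list)
    for ts, ip, account, result in events:
        if result == "FAIL":
            by_ip[ip].append((ts, account))
    flagged = {}
    for ip, fails in by_ip.items():
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            accounts = {a for _, a in fails[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged[ip] = sorted(accounts)
                break
    return flagged

def successes_after_spray(log_text, flagged):
    """Accounts that authenticated from a flagged source: the guesses that
    landed, and exactly the sign-ins a second factor would have stopped."""
    hits = []
    for ts, ip, account, result in (parse(l) for l in log_text.strip().splitlines()):
        if result == "SUCCESS" and ip in flagged:
            hits.append(account)
    return hits
```

On the sample data the first source is flagged after four distinct accounts fail within seconds, and the one success from that source is reported for review.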
Microsoft said in a blog post scheduled to be made public on Monday that it would do more to enforce contractual obligations by its resellers to put security measures in place.
“What the Russians are looking for is systemic access,” said Christopher Krebs, who ran the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security until he was fired by President Donald J. Trump last year for declaring that the 2020 election had been run honestly and with no significant fraud. “They don’t want to try to pop into accounts one by one.”
Federal officials say that they are aggressively using new authorities from Mr. Biden to protect the country from cyberthreats, particularly noting a broad new international effort to disrupt ransomware gangs, many of which are based in Russia. With a new and far larger team of senior officials overseeing the government’s cyberoperations, Mr. Biden has been trying to mandate security changes that should make attacks like the most recent one much harder to pull off.
In response to SolarWinds, the White House announced a series of deadlines for government agencies, and all contractors dealing with the federal government, to carry out a new round of security practices that would make them harder targets for Russian, Chinese, Iranian and North Korean hackers. Those included basic steps like a second method of authenticating who is entering an account, akin to how banks or credit card companies send a code to a cellphone or other device to ensure that a stolen password is not being used.
Article source: https://www.nytimes.com/2021/10/25/us/politics/russia-cybersurveillance-biden.html