At least nine organizations, in sectors ranging from health care to education, have been breached, and at least one of them is believed to be in the U.S. The hackers are being tracked by security firm Palo Alto Networks, according to CNN.

“With the help of the National Security Agency, cybersecurity researchers are exposing an ongoing effort by these unidentified hackers to steal key data from US defense contractors and other sensitive targets.” (CNN).  

The NSA and the US Cybersecurity and Infrastructure Security Agency (CISA) are working to identify the threat.

“It's the type of cyber espionage that security agencies in both the Biden and Trump administrations have aggressively sought to expose before it does too much damage. The goal in going public with the information is to warn other corporations that might be targeted and to burn the hackers' tools in the process.” (CNN).  

The NSA says the disclosure of the campaign shows its commitment to defending the nation.

“The disclosure of the hacking campaign shows how the NSA is "delivering real-time impact to our partners and the defense of the nation," Morgan Adamski, director of the agency's Cybersecurity Collaboration Center, said in a statement to CNN.” (CNN). 

According to CNN, the hackers stole passwords in an effort to gain prolonged access to victim networks, which would give them free rein over information stored in email and other systems.

“The attackers are exploiting a vulnerability in software that corporations use to manage their network passwords. CISA and the FBI warned the public in September that hackers were exploiting the software flaw and urged organizations to update their systems. Days later, the hackers tracked by Palo Alto Networks scanned 370 computer servers running the software in the US alone, and then began to exploit the software.” (CNN).  

Palo Alto Networks described a post-exploitation chain that was consistent across the victims:

“Following initial exploitation, a payload was uploaded to the victim network which installed a Godzilla webshell. This activity was consistent across all victims; however, we also observed a smaller subset of compromised organizations who subsequently received a modified version of a new backdoor called NGLite,” Palo Alto Networks stated. “The threat actors then used either the webshell or the NGLite payload to run commands and move laterally to other systems on the network, while they exfiltrated files of interest simply by downloading them from the web server. Once the actors pivoted to a domain controller, they installed a new credential-stealing tool that we track as KdcSponge.” (HealthITSecurity).  

Organizations running the affected Zoho software are advised to update it and to look for signs of compromise. Patching closes the entry point but does not remove a webshell or backdoor that was installed before the update, so the web server, its access logs, and the domain controllers should be checked as well.
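The chain Palo Alto Networks describes leaves two traces in the web server's own access log: repeated POST requests to a server-side script that the application was never meant to accept POSTs on (the webshell receiving commands), followed by large GET downloads of archives or database files from the same source (exfiltration by simply downloading the files). The script below is an added example of hunting for that pattern over NCSA combined-format access log lines; it is not code from the original article or from Palo Alto Networks. The log lines, the paths, the allowlist of known POST endpoints, and the 10 MiB download threshold are all constructed or assumed for the example and are not indicators from the campaign.

```python
import re
from urllib.parse import urlsplit

# Constructed sample access log (NCSA combined format). Addresses, paths and
# sizes are made up for this example; they are not indicators from the campaign.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Nov/2021:08:01:12 +0000] "GET /app/login.jsp HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Nov/2021:08:01:15 +0000] "POST /app/login.jsp HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Nov/2021:08:05:40 +0000] "GET /app/images/logo.png HTTP/1.1" 200 8801 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Nov/2021:09:14:03 +0000] "POST /app/help/report.jsp HTTP/1.1" 200 211 "-" "Java/1.8.0_181"
203.0.113.7 - - [10/Nov/2021:09:14:09 +0000] "POST /app/help/report.jsp HTTP/1.1" 200 4096 "-" "Java/1.8.0_181"
203.0.113.7 - - [10/Nov/2021:09:16:27 +0000] "GET /app/help/export/backup.zip HTTP/1.1" 200 73400320 "-" "Java/1.8.0_181"
10.0.0.5 - - [10/Nov/2021:09:20:00 +0000] "GET /app/help/user-guide.pdf HTTP/1.1" 200 204800 "-" "Mozilla/5.0"
"""

# Assumed allowlist: the script endpoints this (hypothetical) application is
# known to accept POST requests on. Build it from the real product's routes.
KNOWN_POST_ENDPOINTS = {"/app/login.jsp", "/app/api/changepassword"}

SCRIPT_EXTS = (".jsp", ".jspx", ".aspx", ".ashx", ".php")
BULK_EXTS = (".zip", ".7z", ".rar", ".tar", ".gz", ".bak", ".db")
BULK_DOWNLOAD_BYTES = 10 * 1024 * 1024  # assumed threshold: 10 MiB

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Normalise the path: drop the query string, lower-case for extension checks.
    rec["path"] = urlsplit(rec["target"]).path.lower()
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def find_indicators(log_text, known_post_endpoints=KNOWN_POST_ENDPOINTS):
    """Return (rule, source_ip, path) tuples for suspicious requests.

    unexpected-script-post: a POST to a server-side script the app does not
        accept POSTs on (reported once per source/path pair).
    bulk-download: a successful GET of an archive/database file above the
        size threshold.
    """
    findings = []
    seen_posts = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed or non-matching line; a real tool would count these
        ip, path, method = rec["ip"], rec["path"], rec["method"]
        if (method == "POST" and path.endswith(SCRIPT_EXTS)
                and path not in known_post_endpoints):
            if (ip, path) not in seen_posts:
                seen_posts.add((ip, path))
                findings.append(("unexpected-script-post", ip, path))
        if (method == "GET" and rec["status"] == "200"
                and path.endswith(BULK_EXTS) and rec["size"] >= BULK_DOWNLOAD_BYTES):
            findings.append(("bulk-download", ip, path))
    return findings


def suspicious_sources(findings):
    """Group findings by source IP: a source that both posts to an unexpected
    script and pulls bulk files matches the full webshell-then-exfiltrate chain."""
    by_ip = {}
    for rule, ip, _path in findings:
        by_ip.setdefault(ip, set()).add(rule)
    return by_ip


if __name__ == "__main__":
    hits = find_indicators(SAMPLE_LOG)
    for rule, ip, path in hits:
        print(f"{rule:24} {ip:16} {path}")
    for ip, rules in suspicious_sources(hits).items():
        if len(rules) > 1:
            print(f"HIGH: {ip} matched {sorted(rules)}")
```

On the constructed sample this flags only 203.0.113.7, for both the POSTs to the unlisted report.jsp and the 70 MB archive download, and reports it as a high-priority source because it matched both stages. The allowlist is the part that needs care in practice: it must be derived from the product's actual routes, or legitimate application POSTs will drown the signal.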

Have any questions about cyber-security? Responsive Technology Partners is the leading cyber-security expert in the Athens, Metter, Milledgeville, Vidalia, and Atlanta, Georgia areas. We also have locations in Tampa, Florida, Roanoke, Virginia, and Raleigh, North Carolina. Service offerings include I.T. support, cyber-security and compliance, telephony, cloud services, cabling, access control, and camera systems. Our company's mission is to provide world-class customer service through industry-leading I.T. solutions that make every customer feel as if they are our only customer. Please visit our website to learn more: https://www.responsivetechnologypartners.com/.

Sources: 

Jill McKeon. Health IT Security. "Hackers Hit Healthcare, Other Sectors With Cyber Espionage Attacks". Nov. 10, 2021. https://healthitsecurity.com/news/hackers-hit-healthcare-other-sectors-with-cyber-espionage-attacks

Sean Lyngaas. CNN. "Hackers have breached organizations in defense and other sensitive sectors, security firm says". Nov. 7, 2021. https://www.cnn.com/2021/11/07/politics/hackers-defense-contractors-energy-health-care-nsa/index.html