Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

US Seizes 2 Domain Names Used in Cyberespionage Campaign

The Justice Department said Tuesday that it has seized two domain names used in a cyberespionage campaign that targeted U.S. and foreign government agencies, think tanks and humanitarian groups.

The Justice Department said Tuesday that it has seized two domain names used in a cyberespionage campaign that targeted U.S. and foreign government agencies, think tanks and humanitarian groups.

The campaign was disclosed last week by Microsoft, which linked it to the same group of Russian intelligence operatives responsible for the massive SolarWinds intrusion that breached federal agencies and private corporations.

The company said over the weekend that it was “still not seeing evidence of any significant number of compromised organizations at this time.” The White House on Friday similarly downplayed the cyber assault as “basic phishing,” in which hackers use malware-laden emails to access networks, and said U.S. agencies had largely fended it off.

Still, officials say the U.S. government’s action on Friday was aimed at preventing any further exploitation of victims, though the Justice Department also warned that the hackers may have used additional backdoor accesses to get into networks between when the hacking first began and the time that the domains were seized.

[Also ReadPoisoned Installers Found in SolarWinds Hackers Toolkit ]

“Last week’s action is a continued demonstration of the department’s commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation,” Assistant Attorney General John Demers, the Justice Department’s top national security official, said in a statement.

He said the department would “continue to evaluate all possible opportunities to use our unique authorities to act against such threats.”

In the case disclosed last week, hackers gained access to an email marketing account of the U.S. Agency for International Development, and masquerading as the government body, targeted about 3,000 email accounts at more than 150 different organizations.

The company did not say what portion of the attempts may have led to successful intrusions but said that most were blocked by automated systems that marked them as spam.

Related: Three New Malware Strains Linked to SolarWinds Hackers

Related: CISA: Disconnect Internet for 3-5 Days to Evict SolarWinds Hackers

 

Related: Hackers Targeted SolarWinds Earlier Than Previously Known

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami along with five associates in Europe

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

Russian Vladislav Klyushin made tens of millions of dollars by hacking into U.S. computer networks to steal insider information.

Cyberwarfare

Google Project Zero has disclosed the details of three Samsung phone vulnerabilities that have been exploited by a spyware vendor since when they still...

Cybercrime

A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...