Security Experts:

US Seizes 2 Domain Names Used in Cyberespionage Campaign

The Justice Department said Tuesday that it has seized two domain names used in a cyberespionage campaign that targeted U.S. and foreign government agencies, think tanks and humanitarian groups.

The campaign was disclosed last week by Microsoft, which linked it to the same group of Russian intelligence operatives responsible for the massive SolarWinds intrusion that breached federal agencies and private corporations.

The company said over the weekend that it was “still not seeing evidence of any significant number of compromised organizations at this time.” The White House on Friday similarly downplayed the cyber assault as “basic phishing,” in which hackers use malware-laden emails to access networks, and said U.S. agencies had largely fended it off.

Still, officials say the U.S. government’s action on Friday was aimed at preventing any further exploitation of victims, though the Justice Department also warned that the hackers may have used additional backdoor accesses to get into networks between when the hacking first began and the time that the domains were seized.

[Also ReadPoisoned Installers Found in SolarWinds Hackers Toolkit ]

“Last week’s action is a continued demonstration of the department’s commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation,” Assistant Attorney General John Demers, the Justice Department’s top national security official, said in a statement.

He said the department would “continue to evaluate all possible opportunities to use our unique authorities to act against such threats.”

In the case disclosed last week, hackers gained access to an email marketing account of the U.S. Agency for International Development, and masquerading as the government body, targeted about 3,000 email accounts at more than 150 different organizations.

The company did not say what portion of the attempts may have led to successful intrusions but said that most were blocked by automated systems that marked them as spam.

Related: Three New Malware Strains Linked to SolarWinds Hackers

Related: CISA: Disconnect Internet for 3-5 Days to Evict SolarWinds Hackers


Related: Hackers Targeted SolarWinds Earlier Than Previously Known

view counter