Security Market Segment LS
Saturday, 19 December 2020 18:36

FireEye clear that APT29 not behind attacks, says Dragos chief Featured

By
FireEye clear that APT29 not behind attacks, says Dragos chief Image by ItNeverEnds from Pixabay

Breached cyber security company FireEye has explicitly said that the alleged Russian group APT29 is not behind the attack on its own infrastructure and a number of other private and public firms, according to the head of security company Dragos.

Robert M. Lee, a former NSA hacker and the founder and chief executive of Dragos, told the CyberWire podcast that FireEye had made it clear that a new group was to blame for the widespread intrusion that has seen growing alarm within the US Government over the extent of infiltration.

"Originally, people came out and attributed this to Russia and APT29, but FireEye was very explicit that it's not APT29. it's a new group they are tracking," he said.

"We have seen some people, senators and the like, come out and say it's Russia, but we don't know at this point, it's too early in the game."

He said one thing that worried him was the fact that the SolarWinds software was used by numerous other industrial outfits after having been rebadged. These outfits looked after many essential services and this meant those networks could be open to compromise as well and for a long time too.

Lee, whose company focuses on security of industrial control systems, said companies that concentrated on firewalls and anti-virus software would not have the necessary logs to know they had been compromised. This meant they could be open to the attackers for a long time and that was a fairly frightening scenario.

The attack came to light this month soon after cyber security firm FireEye announced on 9 December AEDT that it had been compromised and had its Red Team tools stolen. However, the company made no mention of when it had noticed this breach.

Five days later, the firm issued details about attacks using malware which it called SUNBURST, which it said had been used to hit both private and public entities, through the Orion network management software which is a product of SolarWinds.

A number of US Government departments — Homeland Security and Treasury among them — have been named as being affected. FireEye, too, appears to have been a victim. The Orion software has very wide usage in the US and also in Britain.

A Yahoo! News report on Saturday morning made the claim that the attackers had been inside SolarWinds' system since at least mid-2019.

The attribution of the attacks to Russia has been made by only one publication, the Washington Post, with the individual who wrote the report, Ellen Nakashima, being the same person who started the now-discarded theory that Russia was responsible for email leaks to WikiLeaks during the 2016 presidential election.

No US Government agency or private security firm has made any attribution, apart from stating the obvious, that the attacks were very well crafted and had to be by a well-resourced outfit.

Lee said it was not reasonable to expect the government to be the security guarantor for private firms and that the latter had to look after themselves.

He was scathing about companies that offered so-called magic AI solutions that were claimed to be the ultimate preventive, adding that he did not want to hear even one mention of bastardised implementations of the intrusion detection software Snort being sold by this vendor or that.


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments