US government takes control of Internet domains used by SolarWinds hackers


THE UNITED STATES GOVERNMENT has taken control of two Internet domains used last month in a large-scale phishing campaign by the same Russian-linked hacker group that was behind the SolarWinds hack. The Department of Justice said on Tuesday it seized the two domains, theyardservice[.]com and worldhomeoutlet[.]com, on May 28, following a decision by a US court that authorized the action.

The large-scale attack was detected on May 25, and was delivered in over 3,000 emails sent from a compromised account belonging to the United States Agency for International Development (USAID). The compromised account was paired with the services of a legitimate email marketing company called Constant Contact. It was subsequently used to deliver phishing emails to the employees of over 150 organizations worldwide, most of them American.

The phishing emails featured an official USAID logo, beneath which was an embedded link to a purported “USAID Special Alert” titled “Donald Trump has published new documents on election fraud”. The link sent users to one of the two illicit subdomains, which infected victim machines with malware. The malware created a back door into infected computers, which allowed the hackers to maintain a constant presence in the compromised systems.

According to Microsoft Corporation, the hackers behind the phishing attack belong to the same group that orchestrated the infamous SolarWinds hack in 2020. That hack was a large-scale breach of computer systems belonging to the United States federal government and to organizations such as the European Union and the North Atlantic Treaty Organization. The threat actor behind the attack is referred to by cybersecurity experts as APT29 or Nobelium, among other names.

Speaking on behalf of the US Department of Justice’s National Security Division, Assistant Attorney General John C. Demers said on Tuesday that the seizure of the two Internet domains demonstrated the Department’s “commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation”.

Author: Joseph Fitsanakis | Date: 03 June 2021

Obama to nominate wiretapping critic for critical DoJ post

By JOSEPH FITSANAKIS | intelNews.org |
Yesterday we wrote that Leon Panetta’s nomination to direct the CIA is part of a broader effort by US President Elect Barack Obama to reestablish governmental “oversight over the intelligence community, which […] was effectively terminated [after] 9/11”. Now rumors of yet another nomination come to support the view of a broader plan by Barack Obama “to depart from some of the most controversial legal policies of the Bush administration”. The President Elect is shortly expected to nominate David Kris, a former national security legal adviser in the Department of Justice, to lead the DoJ’s National Security Division. The Division was established in 2006 to oversee intelligence activities by US government agencies relating to counterespionage and counterterrorism.