Holiday Bear

From Wikitia

Holiday Bear (also known as NOBELIUM[1] by Microsoft) is a cyber spying adversary of Russian origin.

The name "Holiday Bear" comes from a coding system that security researcher Dmitri Alperovitch uses to identify hackers. It was coined and attributed by Dmitri Alperovitch and David B. Cross, and was first used on the Risky Business podcast #611[2] on January 20th, 2021. The name was chosen because of the differences from the previously known Cozy Bear and the timeline of activities during the 2020 holiday period. The earliest detected breaches were in the SolarWinds Office 365 email system and may have existed in excess of 9 months.

Attacks

In January 2021, the federal government of the United States acknowledged[3] that a large number of U.S. government agencies and businesses had been attacked by an adversary of Russian origin that was subsequently named Holiday Bear. The first known attack was tied to the SolarWinds supply chain attack known as SUNBURST and subsequently SUPERNOVA. A number of security businesses were targeted in the supply chain attacks as well. One of the cited examples from the campaign was the compromise of a Mimecast-issued certificate[4], which was subsequently used to compromise a number of business email systems.

Brad Smith claimed during a CBS 60 Minutes interview[5], and also in his testimony[6] during US Senate Armed Forces committee hearings[7], that an estimated 1,000 attackers had been involved in this campaign. Based on the hearings[8], at least 100 public companies and 9 federal agencies had been attacked, but the total number of victims of the attacks has not been publicly disclosed.

Government Testimony

Based on both the Holiday Bear attacks and the subsequent Microsoft Exchange attacks by Chinese attackers named Hafnium, Dmitri Alperovitch and others recommended changes in the US cyber strategy and response during testimony to the Congressional Homeland Cybersecurity committee[9].

  • FireEye CEO Kevin Mandia testimony[10]
  • Microsoft President Brad Smith testimony[6]
  • CrowdStrike CEO George Kurtz testimony[11]

Future Policy

The activities of both Holiday Bear and Hafnium resulted in an essay published in Lawfare[12] by Dmitri Alperovitch and Ian Ward on how governments should attribute attacks and subsequently respond.

References

  1. "GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM's layered persistence". Microsoft Security. 2021-03-04. Retrieved 2021-03-12.
  2. "Risky Business #611 -- MalwareBytes the latest "Holiday Bear" victim - Risky Business". risky.biz. Retrieved 2021-03-12.
  3. "US: Hack of federal agencies 'likely Russian in origin'". AP NEWS. 2021-01-05. Retrieved 2021-03-12.
  4. "Important Security Update | Mimecast Blog". www.mimecast.com. Retrieved 2021-03-12.
  5. "SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and Commerce Departments". www.cbsnews.com. Retrieved 2021-03-13.
  6. "A digital strategy to defend the nation". Microsoft On the Issues. 2021-02-23. Retrieved 2021-03-13.
  7. "Hearings | Intelligence Committee". www.intelligence.senate.gov. Retrieved 2021-03-13.
  8. Volz, Dustin (2021-02-24). "More SolarWinds Hack Victims Yet to Be Publicly Identified, Tech Executives Say". Wall Street Journal. ISSN 0099-9660. Retrieved 2021-03-13.
  9. "Hearing: Homeland Cybersecurity: Assessing Cyber Threats and Building Resilience". YouTube. Retrieved 2021-03-13.
  10. "Prepared Statement of Kevin Mandia, CEO of FireEye, Inc. before the U.S. House Committee on Oversight and Reform and House Committee on Homeland Security" (PDF). https://homeland.house.gov/imo/media/doc/Testimony-Mandia.pdf.
  11. "Testimony on Cybersecurity and Supply Chain Threats" (PDF).
  12. "How Should the U.S. Respond to the SolarWinds and Microsoft Exchange Hacks?". Lawfare. 2021-03-12. Retrieved 2021-03-17.

This article "Holiday Bear" is from Wikipedia. The list of its authors can be seen in its history. Articles taken from Draft Namespace on Wikipedia can be accessed on Wikipedia's Draft Namespace.