Russia, China, Iran having a red hot go at US political organisations

Risky Business
Automatic TRANSCRIPT

Going to begin with a bit of a tragedy in media, which is the team at Reuters, the security team at Reuters, were onto an absolutely cracking story that they had to hurry up and publish because they caught wind that Microsoft were about to ruin their party time. But yeah, they had a fantastic exclusive here about Russian efforts to target the Biden campaign.

Yes. Reuters are reporting attacks against the same Biden campaign, of this company called SKDKnickerbocker, who provide services for them. They appear to be based on Microsoft's cloud and coming under attack from the GRU Fancy Bear crew, going up against, you know, people involved in the political world. The Reuters reporting is focused on this particular organization. But Microsoft's level of visibility across cloud infrastructure does seem to suggest that actually it's a much wider campaign going on for some time against a number of organizations across the political spectrum in the US.

Yeah. I mean, Microsoft really did release a fair bit of information. It looks like two hundred organizations targeted by the GRU. They also detected a Chinese state-backed group, APT31, basically validating email addresses and profiling targets, sort of doing recon work, and they squashed a bunch of domains being used by the Iranians. It's the contrast between now and two thousand sixteen, right? Where this stuff is absolutely being taken seriously. I've heard some people say, oh, well, this is evidence that Russia's trying to interfere in the election. It's not. I mean, that could be what they're trying to do, but we don't really know what they're up to. For all we know, they're gathering intelligence.

Yeah, and the reports that we're seeing and Microsoft's information describe a whole bunch of attempting to gain access.
We don't know what access was gained as a result of these attempts and then what it was used for, like, those are kind of obscure to spot. The sort of things that Microsoft are reporting are, you know, exactly what you would expect, right? Password reuse, credential stuffing type things, phishing, all the usual sorts of techniques that, as you said, in two thousand sixteen worked very effectively. And now in twenty twenty, twenty nineteen, you know, we are much better equipped, much, much better equipped, to be able to those things. And this is one of the advantages of people moving a lot of this stuff into the cloud: we do get this kind of central visibility in a way that we just weren't getting when everyone was using, you know, Yahoo here and Hotmail there. Now there's a much more concentrated intelligence available to Microsoft, and more of an understanding of why it's important to talk about it.

The Microsoft piece goes through all of the attempts here and, you know, how frequently they were doing brute force attempts against various accounts and whatever, and they said that they were using a pool of approximately eleven hundred IPs, the majority associated with the Tor anonymizing service, which I interpret to mean Tor exit nodes, right? And of course if you're seeing, like, hundreds of thousands of failed login attempts from Tor exit nodes, you would think maybe that's how they caught this.

Yeah. That's a little bit of a giveaway. You know, obviously being able to, you know, pull what the exit nodes are and be able to correlate that, there's a pretty strong indicator, and it's just kind of funny, I guess, in a way, because, you know, illustrating the very dual-use nature of Tor.

Yeah, and Microsoft's advice here is a little bit confusing, because they, like, have listed five hundred and thirty netblocks that are associated with this activity, and I'm like, do you mean for like? Is this the other ones that want? Already knew about.
This other we had language in the release about how they're separating brute forcing from password spraying, and you can tell, like, the fact that they've made a distinction between those things is the result of a really intense. Twain. Various people. That'd be my guess. But, you know, it's good that this stuff is being turned up, right?

Yeah, absolutely. It's good it's being spotted and being communicated, and also the defensive options for people, like things like enable factor authentication and monitor failed logins, like, those are things that, you know, in twenty sixteen were actually difficult for people, and now you modulo Microsoft's licensing from for. Know a much more straightforward for people to do, which is I guess an
