[TheRecord] White House: Arrested Russian hacker was behind Colonial Pipeline attack

A senior Biden administration official on Friday said one of the Russian hackers arrested earlier in the day by that country’s security service is responsible for the ransomware attack that temporarily crippled the Colonial Pipeline last year.

“We understand that one of the individuals who was arrested today was responsible for the attack against Colonial Pipeline last spring,” the official told reporters during a conference call, referring to the arrests carried out by Russia’s Federal Security Service of members of the REvil ransomware gang.

TASS, the country’s state news agency, said 14 members of the notorious digital gang had been detained. The FSB claimed that it seized more than 426 million rubles, or $600,000 in cash, as well as cryptocurrency wallets, computers and 20 cars.

Last year, a separate Russian hacker group known as DarkSide claimed responsibility for the Colonial attack. The FBI later confirmed the group was behind the incident, which caused panic buying of gasoline along the East Coast. 

However, it is possible that the individual — whom the official did not name — worked for one organization before leaving for another or worked for both simultaneously.

REvil was responsible for the supply-chain attack on the software firm Kaseya last year — which impacted more than 1,000 businesses and organizations worldwide — and the digital attack on food processing giant JBS. The group shuttered its operations last July, making a brief comeback later before some of its dark web servers were seized by authorities, seemingly wiping out the criminal group.

Friday’s arrests come amid tensions between Washington and Moscow, as Russia has amassed thousands of troops on the Ukrainian border. The U.S. has publicly accused the Kremlin of preparing an invasion of Ukraine and creating a pretext to take such action.

The Biden official, who briefed reporters on condition of anonymity, said the administration believes the activity by Russia’s internal intelligence agency is “not related to what’s happening with Russia and Ukraine,” adding that the White House has been clear it will impose “severe costs” on the Kremlin in coordination with Western allies.

The official noted that following last year’s in-person meeting between President Joe Biden and Russian leader Vladimir Putin, the two countries established an experts group on cybersecurity where administration officials have provided the Kremlin with information about certain cyber criminals operating within its borders and conveyed what actions Washington expects the government to take against them.

“We’re committed to seeing those conducting ransomware attacks against Americans brought to justice,” according to the official, who said the administration was pleased by Friday’s arrests and that the expectation is that Russia “would be pursuing legal action within its own system.”

The official also said that the administration has not reached an attribution for the digital campaign that defaced a number of Ukrainian government websites on Friday. 

“While we continue to assess the impact with Ukrainians, it seems limited so far, with multiple websites coming back online,” the official told reporters.

The post White House: Arrested Russian hacker was behind Colonial Pipeline attack appeared first on The Record by Recorded Future.
