Original title: American software company was blackmailed by hackers and spread to thousands of companies. Biden: If Russia is involved, it will respond
【text/observer Net Weekly Yibo】
On July 2, local time, Kaseya, an American IT software service company, suffered a ransomware attack. According to the analysis of Huntress, a US cybersecurity company, at least 200 US companies using the company's products have been affected, and the source of the attack is directed to the hacker organization Revil. Cassia pointed out that because many of the company’s product users are providers of IT management services, the attack will also affect "users of users." The total number of victims is estimated to be in the thousands.
In addition to the United States, the Swedish Coop company chain supermarket stores have also been affected by the use of Cassia’s software. More than 800 stores across the country have been closed.
According to Reuters and "New York Times" news, on July 3, US President Biden stated that he had ordered US intelligence agencies to investigate the behind-the-scenes of the incident. If it is found to be related to the Russian government, it will "respond."
Before this, the United States also pointed the source of cyber attacks to Russia. In May of this year, Brazil’s JBS SA, the largest beef producer in the United States, was attacked by ransomware, resulting in the closure of all its feed beef plants in the United States.
During the period, the White House believed that the attack was initiated by the Revil organization and claimed that it was located in Russia. However, “Russia Today” (RT) pointed out when reporting the incident that the Biden administration’s so-called “cyber attacker came from Russia” allegations were not supported by any evidence.
"This is a huge and devastating'supply chain attack'"
On July 2, U.S. IT software services company Kassia issued a statement on its official website that its remote monitoring and management service product Kaseya VSA suffered a cyber attack. Users of the product are at risk of being invaded by ransomware.
The relevant statement pointed out that Kaseya VSA is mainly used by IT professionals to manage servers, desktops, network devices and printers, with more than 36,000 users.
On the same day, the American cybersecurity company "Huntress" began to follow up on the matter and issued a statement stating that more than 200 American companies have been affected by the attack.
Kaseya Company further pointed out that since many Kaseya VSA users are providers of IT management services, this cyber attack will also affect their “users’ Users", "a large number of organizations may be affected".
On July 4, Fred Voccola, CEO of Cassia, said that all the victims of this attack are estimated to be in the There are about a thousand people, including not only the direct users of the company, but also small businesses such as "dental clinics, construction companies, plastic surgery centers, libraries, etc.".
Moreover, it’s not a coincidence that the attackers chose to conduct operations on the weekend holiday of Independence Day (July 4) in the United States. There is no one on duty during this period, and many victims may not learn about the situation until after work on Monday (5th).
In addition to American companies, Sweden has also been affected by this cyber attack.
According to the British Broadcasting Corporation (BCC), the Swedish Coop company stated that due to the stoppage of its supermarket chain cashier counters, more than 500 of its 800 stores nationwide It was forced to close on July 2.
It is reported that the company is not the direct target of this cyber attack, but because it indirectly used Cassia’s software, it was affected.
"We first noticed that a few stores had problems at around 6:30 pm on Friday (2nd), so we closed these stores in advance." Coop A company spokesperson said, "But overnight we realized that this problem was much bigger than we thought."
"Our cash register The entire payment system has stopped working, so we need time to restart the system."The cashier of Coop supermarket in Sweden has disabled social media screenshots
Combining Reuters, Associated Press, and US political news website "Politico" news, "Huntress" company senior security researcher John Hammond (John Hammond) on this matter Said, “This is a huge and devastating'supply chain attack'.”
According to the introduction, “supply chain attack” refers to Attacks are launched against weak links in a company's supply chain to disrupt the operation of the entire company's supply chain as a form of cyber attack.
Hammond pointed out that since Cassia’s business scope covers large and small companies around the world, this attack may extend to companies of any size.
At the same time, this attack also includes the form of ransomware, which is to encrypt the victim’s important files through software, and then ask the victim for a ransom in exchange for decryption. Key.
The "Huntress" company previously stated that after analyzing relevant data, it can be determined that the initiator of this attack is the hacker organization REvil.
Hammond said that he had seen REvil offer a asking price of 500,000 or 5 million US dollars (about 32.314 million yuan), and the lowest price was 4.5. Ten thousand US dollars (approximately RMB 290,000).
According to the continuously updated statement of Cassia and the "Huntress" company, as of July 4, local time, the cyber attack has not yet been resolved.Statement published on the official website of "Huntress Company"
Biden: If it is found that the The Russian government will "respond" to relevant information.
Comprehensive Reuters and New York Times news. On July 3, local time, U.S. President Biden went to Michigan. During the promotion of the vaccination plan, I was asked about the hacker attack on the Cassia company.
It is worth noting that when Biden answered the question, he did not respond on the spot, but took out the "answer" from his arms.
The live video showed that Biden was shopping in a local store at the time. After being asked a question, he first said: "We are not sure who this is (did)... …" "The initial thought was that it was not the Russian government." "I listened to the briefing on the plane."
Then, Biden took it from his jacket pocket He took out a card and began to "read the manuscript" according to the information on the card. "Let me tell you what they gave me." Biden said that he has instructed US intelligence agencies to investigate if they determine that Russia is the culprit, "I told Putin, we will respond."
Reported that on June 16, Biden and Putin held their first summit in Geneva, Switzerland. At the time, Biden urged PutinFight against Internet hackers from Russia, and warned that if such ransomware attacks continue to spread, Russia will face corresponding consequences. According to the US political news website "Politico", Biden said after the summit that he had emphasized to Putin at the summit that "the United States has strong network capabilities."
Biden was asked about the hacking of the Cassia company Reuters Video screenshot
Before the Cassia Inc. incident, the United States had repeatedly pointed the source of its domestic cyber attacks to Russia.
On May 7, Colonial Pipeline, the operator of the nation’s largest refined oil pipeline, was attacked by hackers and ransomware, and was forced to suspend operations, resulting in the southeastern states of the United States A large-scale oil shortage quickly appeared.
On the same day, Biden stated in a public speech that the hacker who launched the cyber attack on Colonial Pipeline is now living in Russia, but he believes that Putin and the Russian government are The attack has nothing to do.
On May 31, Brazil’s JBS SA, the world’s largest meat supplier, was attacked by hackers, resulting in the closure of all its feed beef plants in the United States.
On June 1, a White House spokesperson stated that the ransom request for JBS SA is a hacker organization that may be located in Russia, and the United States has contacted Russia on this matter. The government also sent a message: responsible countries do not harbor blackmail criminals.
However, “Russia Today” (RT) stated in its report on the JBS SA incident that there is no evidence to support the Biden administration’s statement that “the cyber attacker came from Russia "Allegations.A cyber attack on JBS SA resulted in the closure of many meat processing plants in the United States. Screenshot of CBS video from US media Massive information, accurate interpretation, all in Sina Finance APP
Editor in charge: He Zhongfu