Russian military hackers have been waging an ongoing hacking campaign against high-level American targets and have been using a special technique to mask their activities: a tool that lets them hide behind addresses associated with everyday Americans’ home and mobile networks.
In case you missed it, the “SolarWinds” hackers are back. A recent report from Microsoft researchers shows that certain cyber-spies — believed to be members of Russia’s Foreign Intelligence Service — have been targeting droves of American tech firms with a new hacking campaign. These are allegedly the same hackers behind the “SolarWinds” campaign — the massive espionage effort that penetrated the networks of at least nine federal agencies and more than 100 different U.S.-based companies, and spurred multiple Congressional hearings.
A new report from Bloomberg illuminates the method apparently used by the hackers to mask their hacking activities: the deployment of “residential proxies,” which has allowed them to hide behind the IP addresses of unsuspecting Americans.
In essence, a residential proxy uses a pool of real IP addresses that can be legally purchased via specific internet service providers for the purposes of anonymity. It’s a little bit like a VPN, in that it masks your real IP address and lets you go about your online business anonymously. Actually, there seems to be a fairly big industry devoted to this. Googling these services brings up a wealth of companies. And it’s all totally legal, apparently.
By using Americans’ IP addresses, the Russian hackers were able to make their online activities look less suspicious than they would have had the hackers simply used addresses located in Russia, Bloomberg writes.
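The point Bloomberg makes is that a plain "is this login coming from the U.S.?" check is exactly what a residential proxy defeats, because the exit address really is a U.S. home or mobile subscriber. The defensive consequence is that source country alone is a weak signal; what a proxy pool cannot hide as easily is that it rotates, so one account hops across several unrelated residential addresses in seconds. The script below is an added example written for this page, not code from Bloomberg, Microsoft, or Kentik. The IP ranges, ASN labels and sign-in records are constructed sample data, and the `IP_INTEL` table is a hypothetical stand-in for a commercial IP-intelligence feed that classifies addresses as residential, mobile or hosting.

```python
"""Added example: why geo-blocking misses residential-proxy traffic, and a
churn-based check that does not. All data below is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed stand-in for an IP-intelligence feed: network -> (country, ASN label, kind).
# 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are documentation ranges (RFC 5737).
IP_INTEL = {
    ipaddress.ip_network("203.0.113.0/24"): ("US", "AS64496-cable-isp", "residential"),
    ipaddress.ip_network("198.51.100.0/24"): ("US", "AS64497-mobile-isp", "residential"),
    ipaddress.ip_network("192.0.2.0/24"): ("RU", "AS64498-hosting", "hosting"),
}


def enrich(ip):
    """Return (country, asn, kind) for an address, or unknowns if not in the table."""
    addr = ipaddress.ip_address(ip)
    for net, meta in IP_INTEL.items():
        if addr in net:
            return meta
    return ("??", "unknown", "unknown")


# Constructed sign-in events: (ISO timestamp, user, source IP, outcome).
# 'alice' is being password-sprayed through a rotating residential pool;
# 'bob' is a normal home user on one address; 'carol' sees a direct hosting-range attempt.
EVENTS = [
    ("2021-10-01T10:00:00", "alice", "203.0.113.10", "failure"),
    ("2021-10-01T10:00:03", "alice", "198.51.100.7", "failure"),
    ("2021-10-01T10:00:06", "alice", "203.0.113.77", "failure"),
    ("2021-10-01T10:00:09", "alice", "198.51.100.200", "success"),
    ("2021-10-01T12:00:00", "bob", "203.0.113.55", "success"),
    ("2021-10-01T12:30:00", "bob", "203.0.113.55", "success"),
    ("2021-10-01T13:00:00", "carol", "192.0.2.9", "failure"),
]


def naive_geo_rule(events, allowed=frozenset({"US"})):
    """The check a residential proxy is built to defeat: flag only non-allowed countries.
    Returns (user, ip) pairs. Note that every 'alice' event passes."""
    return [(user, ip) for _, user, ip, _ in events if enrich(ip)[0] not in allowed]


def residential_churn_rule(events, window=timedelta(minutes=5), min_ips=3):
    """Flag accounts whose sign-ins hop across >= min_ips distinct residential addresses
    inside `window`. A real subscriber keeps one address; a proxy pool rotates.
    Returns {user: sorted list of the addresses seen in the first offending window}."""
    per_user = defaultdict(list)
    for ts, user, ip, _ in events:
        if enrich(ip)[2] == "residential":
            per_user[user].append((datetime.fromisoformat(ts), ip))
    flagged = {}
    for user, seq in per_user.items():
        seq.sort()
        for i, (t0, _) in enumerate(seq):
            ips = {ip for t, ip in seq[i:] if t - t0 <= window}
            if len(ips) >= min_ips:
                flagged[user] = sorted(ips)
                break
    return flagged


if __name__ == "__main__":
    print("geo rule flags:   ", naive_geo_rule(EVENTS))
    print("churn rule flags: ", residential_churn_rule(EVENTS))
```

Run as-is, the country rule only catches `carol`'s hosting-range attempt and lets every proxied `alice` event through, while the churn rule flags `alice` and leaves `bob` alone. In production the same idea is usually combined with a vendor's proxy/anonymizer classification and with impossible-travel logic, since a single rotating-address threshold will also catch some mobile users whose carrier changes their address often.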
“Residential proxies enable someone to launder their internet traffic through an unsuspecting home user to make it appear as if the traffic was originated from a U.S. residential broadband customer instead of from somewhere in Eastern Europe, for example,” Doug Madory, an employee at cybersecurity firm Kentik, told the outlet.
This is interesting but there’s definitely something weird about how pedestrian this is. You would think that Russian military hackers would have a slightly more sophisticated obfuscation technique than one that anybody else could use. Apparently not.
At any rate, whether it’s sophisticated or not, the technique seems to have helped these hackers stay busy. Microsoft has reported that, between July 1st and Oct. 19th of this year, the hacking group attacked 609 of its customers 22,868 times.
“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” Tom Burt, Microsoft’s vice president of privacy and security, said in the company’s recent blog post.