At least 200 organizations affected by alleged Russian attack




At least 200 organizations, including government agencies and companies around the world, have been hacked as part of an alleged Russian cyber attack that implanted malicious code in widely used software, according to a cybersecurity firm and three people familiar with the ongoing investigations.

The actual number of hacking victims has been one of many unanswered questions surrounding the cyberattack, which used a backdoor planted in SolarWinds Corp.’s Orion network management software as the starting point for further intrusions.

Up to 18,000 SolarWinds customers received a malicious update that included the backdoor, but the number that was actually hacked, meaning that the attackers used the backdoor to infiltrate the customer’s network, is likely to be much lower.

Recorded Future Inc., a Massachusetts-based cybersecurity company, has identified 198 victims who were hacked using the SolarWinds backdoor, threat analyst Allan Liska said.

Three other people said the investigation so far has determined that the hackers went further on at least 200 victims, moving within their networks or attempting to obtain user credentials, what cybersecurity experts call “hands-on-keyboard” activity.

The final number could increase from there.

Neither Recorded Future nor the people familiar with the investigation provided the identities of the victims. The number is expected to increase as the extensive investigation continues.

The hackers’ motive remains unknown, and it is unclear what they searched for or stole from the networks they infiltrated.

Of the approximately 18,000 SolarWinds customers who received the infected update, more than 1,000 activated the malicious code, which beaconed to a second-stage “command and control” server operated by the hackers, giving them the option of going deeper into the network, according to publicly available data and the three people.

Hackers use command and control servers to direct malicious code once it is inside a target network. Of those more than 1,000, researchers have so far determined that at least 200 were hacked.

The next step would be for the hackers themselves to infiltrate the computer network.

A SolarWinds spokesperson said the company “remains focused on collaborating with customers and experts to share information and work to better understand this issue.”

“These are still the early days of the investigation,” the spokesperson said.

Hackers affiliated with the Russian government have been suspected from the start, and Secretary of State Michael Pompeo provided confirmation in an interview on Friday.

“There was a significant effort to use a piece of third-party software to essentially embed code within US government systems, and now it looks like they are systems of private companies and governments around the world,” Pompeo said in a radio interview. “This was a very significant effort, and I think it is true that now we can say quite clearly that it was the Russians who participated in this activity.”

On Saturday, President Donald Trump downplayed the hack on Twitter and suggested that China, not Russia, might be responsible, while the acting chairman of the Senate Intelligence Committee, Marco Rubio, said it was “increasingly clear that Russian intelligence carried out the most serious cyber intrusion in our history.”

A major U.S. cybersecurity agency issued an alert on Thursday saying the hackers posed a “grave risk” to federal, state and local governments, as well as critical infrastructure and the private sector.

The US Cybersecurity and Infrastructure Security Agency, or CISA, said the attackers were patient, well-resourced and “demonstrated sophistication and complex tradecraft.”

CISA also said it had found evidence of other possible backdoors beyond the SolarWinds Orion platform, suggesting there could be entirely separate sets of potential victims that have yet to be identified.

Microsoft Corp. said Thursday that 40 of its customers had been hacked, that the attacks were ongoing and that the number is expected to rise. Those affected included unnamed cybersecurity companies, government agencies and government contractors, of which approximately 80% are in the US.

Cybersecurity company FireEye Inc. was the first victim to reveal that it had been hacked, on December 8, and said that while investigating its own breach, the company’s investigators discovered the SolarWinds backdoor. Microsoft itself said it found the malicious SolarWinds update within its network, but found no evidence of access to “production services or customer data.”
