US government agencies were hit by a “global intrusion campaign” of cyberattacks that exploited a flaw in a software company's update, according to cybersecurity firm FireEye, which discovered the hack.
“We have identified a global campaign that introduces engagement in the networks of public and private organizations through the software supply chain,” FireEye said in a blog post late on Sunday.
“This commitment is achieved through updates to a widely used IT infrastructure management software – SolarWinds’ Orion network monitoring product.”
The series of attacks could rank among the worst in recent memory, as Austin, Texas-based SolarWinds Corp. sells technology products to a Who’s Who list of sensitive targets.
These include the Department of State, the Centers for Disease Control and Prevention, the Naval Information Warfare Systems Command, the FBI, the five branches of the U.S. military, and 425 Fortune 500 corporations, according to the company’s website and government data.
“The US government is aware of these reports and we are taking all necessary steps to identify and remedy any potential problems related to this situation,” said John Ullyot, spokesman for the National Security Council, in a statement.
According to FireEye, hackers targeted organizations around the world, in North America, Europe, Asia and the Middle East, and in multiple sectors, including government, technology, consulting, telecommunications, as well as oil and gas. The company believes this list will grow.
The attacks included snooping on emails at the U.S. Treasury Department and an arm of the Commerce Department, Reuters reported. An infamous Russian government-backed group of hackers is suspected of being behind the breach, the Washington Post reported.
‘Top-tier Tradecraft’
“The campaign demonstrates world-class operational skills and resources consistent with state-sponsored threat actors,” FireEye said in the blog post. “Based on our analysis, we have now identified several organizations where we see signs of engagement dating back to spring 2020.”
All of this suggests that while the US government was focused for the past few months on detecting and countering possible Russian interference in the US presidential election, the intrusions into US government agencies and sensitive corporate victims went undetected.
“If it’s cyber espionage, it’s one of the most effective cyber espionage operations we’ve seen in quite some time,” said John Hultquist, Senior Director at FireEye.
SolarWinds issued a statement that appeared to confirm that the software update system for one of its products had been used to deliver malware to customers.
“We are aware of a potential vulnerability which, if present, is believed to be related to the updates that were released between March and June 2020 for our Orion monitoring products. We believe this vulnerability is the result of a highly sophisticated, targeted and manual attack on the supply chain by a nation state,” SolarWinds President and CEO Kevin Thompson said in the statement Sunday night.
FBI ‘appropriately’ compromised
Thompson said his company was working with the FBI and others on the investigation. The FBI said it is “duly compromised” and declined to comment further.
Two people briefed on the investigation said that because almost any SolarWinds customer who used the product obtained the tampered software, the number of victims could reach thousands.
Hackers seem to have focused on the most attractive and sensitive targets first, so the harm suffered by various victims can vary widely, according to the people, who asked not to be identified because the information is not public.
FireEye told customers Sunday that it was aware of at least 25 entities affected by the attack, according to people briefed by the company.
The rapidly expanding investigation came to light on December 8, when FireEye announced that it had been breached in a highly sophisticated attack that it blamed on hackers backed by US adversaries. FireEye discovered the hack during the investigation into that breach.
First victim
As researchers followed the attackers’ fingerprints, it now appears that FireEye may have simply been the first victim to detect the attack.
US government investigators are now racing to determine which agencies may also have been breached and the extent to which hackers accessed sensitive information, a process that could take days or weeks.
FireEye said last week that the attackers were very careful not to be detected, and that in its case they had managed to steal tools that the security firm uses to test the security of its clients’ networks. FireEye also said that the hackers were looking for information related to government customers, but did not appear to steal customer data.
A Commerce Department spokesperson confirmed there was a breach “in one of our offices,” which Reuters identified as the National Telecommunications and Information Administration.
The attacks were so concerning that the National Security Council met at the White House on Saturday, Reuters reported. The Treasury Department did not respond to requests for comment.
The Washington Post reported that the Russian hacking group known as Cozy Bear, or APT 29, was behind the campaign. That’s the same group of hackers who were behind the cyberattacks against the Democratic National Committee dating back to 2015.
It was also accused by US and UK authorities in July of infiltrating organizations involved in the development of a Covid-19 vaccine.
The last time the US government was taken so completely by surprise was five years ago, when Chinese hackers stole information related to anyone who had applied for or received a national security clearance from the Office of Personnel Management's computers.
That investigation lasted for months, cost some US officials their jobs, and resulted in a massive and costly push to increase the security of unclassified US government computer networks.
This attack, and the next few weeks, will tell how successful those measures were.