US Department of Homeland Security / Thousands of Companies Race Against Time to Investigate After Suspected Attack by Russian Hacker – United States




According to Reuters, the US Department of Homeland Security and thousands of companies rushed to investigate and respond to a large-scale hacking campaign on Monday, with authorities suspecting the campaign was led by the Russian government. Three people familiar with the matter told Reuters on Monday that, as part of a complex series of vulnerabilities, emails sent by Department of Homeland Security officials responsible for border security and defense against hacker attacks were being monitored by hackers. The attack, first revealed on Sunday, also affected the United States Departments of the Treasury and Commerce.


The technology company SolarWinds is a key “springboard” used by the hackers. The company said that up to 18,000 customers downloaded a compromised software update, allowing hackers to go undetected inside companies and institutions for nearly 9 months.

The United States issued an emergency warning on Sunday, ordering government users to disconnect SolarWinds software, saying the software has been compromised by “malicious actors.”

This warning was issued after Reuters reported that Russian hackers used hijacked SolarWinds software updates to invade various US government agencies, including the Departments of the Treasury and Commerce. Moscow denied any connection to the attack. A person familiar with the hacking activities stated that critical networks used by the cybersecurity department of the Department of Homeland Security to protect infrastructure, including recent elections, have not been compromised.

The Department of Homeland Security said it was aware of these reports, but it did not directly confirm them, nor did it say how severe the impact was. The Department of Homeland Security is a large bureaucracy responsible for ensuring the distribution of the COVID-19 vaccine. After Christopher Krebs, the director of the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS), described the 2020 presidential election as the safest in the history of the United States, US President Trump fired him. His deputy and the head of elections have also left.

SolarWinds stated in a regulatory disclosure that it believes the attack was carried out by an “outside nation-state” that inserted malicious code into Orion network management software updates released between March and June of this year.


“SolarWinds currently believes that the actual number of customers who may have installed Orion products that contain this vulnerability is less than 18,000,” the company said.

The company did not respond to requests for comment on the exact number of customers affected or the extent of any breaches at these organizations. The company stated that it is unaware of vulnerabilities in its other products and is currently investigating with the help of US law enforcement agencies and outside cybersecurity experts.

SolarWinds has 300,000 clients around the world, including most of the Fortune 500 companies in the United States, as well as some of the most sensitive parts of the United States and British governments, such as the White House, defense agencies and the signals intelligence agencies of the two countries. Today, researchers around the world are racing against time to find the hackers. A British government spokesman said the UK is unaware of any impact from the hacking but is still investigating.

Three people familiar with the investigations into the hacking told Reuters that any organization running a compromised version of the Orion software would have a “back door” installed on its computer systems by the attacker. “After that, it’s just a question of whether the attacker decides to use this authority more,” said one of the sources.

According to two people familiar with the wave of corporate cybersecurity investigations that began Monday morning, the first signs indicate that the hackers were selective about whom they chose to invade. “What we see is much less than all the possibilities,” said one person. “They are using this as a scalpel.”

FireEye, a well-known cybersecurity company connected to the incident, stated in a blog post that other targets include “government, consulting, technology, telecommunications and extractive entities in North America, Europe, Asia, and the Middle East.”

“If it’s cyber espionage, then this is one of the most effective cyber espionage activities we’ve seen in a long time,” said John Hultquist, FireEye’s director of intelligence analysis.

Experts say that because an attacker can use SolarWinds to break into the network and then create a new backdoor, simply disconnecting the network management program is not enough to evict the hackers. For this reason, thousands of customers are looking for signs of the hackers and trying to find and disable these additional tools.
