Updated: December 19, 2020 11:15:19 am
The ‘SolarWinds’ cyberattack against the US government and various other private organizations around the world is one of the largest reported ‘supply chain’ attacks in recent times. The attack was first highlighted by the cybersecurity firm FireEye on December 8, after it was itself attacked. Since then, more revelations have come to light, showing that the attack is one of the largest on record and global in scope. However, the main target appears to be the US government.
The Federal Bureau of Investigation (FBI) in a joint statement with the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence (ODNI) called this “a significant and ongoing cybersecurity campaign.” All three agencies are now investigating the attack.
Microsoft also issued a statement this week saying it had found evidence of the malware used to attack SolarWinds software on its networks. Cisco is the latest victim to confirm that it was also compromised by the attack.
Here are five points to keep in mind about this cyberattack, based on what has been revealed so far:
SolarWinds and Orion software
According to FireEye, the way the attack was carried out indicated that it was a supply chain attack. This means that the attackers, who FireEye said had access to advanced capabilities and were extremely focused, chose to target companies supplying software to the US government and other private players.
The hackers targeted software called Orion, IT management software created by a Texas-based company called SolarWinds. FireEye has named the malware ‘Sunburst’; it was added to an Orion update, which was then installed by 17,000 of SolarWinds’ customers.
A long campaign
What is most concerning about the SolarWinds hack is that it appears to have been a long campaign that dragged on surreptitiously for many months. FireEye says the campaign started in spring 2020.
According to SolarWinds, the cyber espionage campaign began in March 2020 and continued undetected for many months. FireEye only discovered something was wrong when it was itself attacked and its own cybersecurity tools were stolen, prompting it to investigate the intrusion.
Well-hidden attackers monitoring their targets
According to the FireEye posts, the attackers were highly skilled and had access to sophisticated tools. They were able to sneak into their intended targets’ networks and then monitor those targets and their network data. According to a Reuters report, the attackers even monitored emails written by members of the Department of Homeland Security.
FireEye says there is evidence of data theft. The attackers hid in the systems of United States government agencies and private organizations for months, and managed to ‘blend in’ and keep a low profile, which is why they went unnoticed for so long.
State-sponsored attack
FireEye says the attack is state-sponsored, and while multiple US government officials and reports point to Russia, the cybersecurity firm has declined to name any country.
In the FireEye blog post, its CEO Kevin Mandia wrote: “We are witnessing an attack from a nation with world-class offensive capabilities… The attackers adapted their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational safety and executed with discipline and focus.”
US Senator Mitt Romney has compared the attack to “a modern equivalent of quasi-Russian bombers allegedly flying undetected over the entire country.” He also criticized the White House for being silent on the issue.
In an opinion piece written for The New York Times, Thomas P. Bossert, President Donald Trump’s former National Security Adviser, also named Russia as responsible for the attack and attributed it to the Russian intelligence agency known as the SVR. Russia has so far denied any involvement in the attack.
Various reports have indicated that the sophisticated nature of the attack means that Russia was likely the perpetrator, although there is no official confirmation. In a blog post, Microsoft also mentioned Russia, saying that “the attack created a vulnerability in the supply chain of near global importance, reaching many major national capitals outside of Russia.”
Cisco is the latest victim to confirm it was hacked
Cisco Systems has also confirmed that it was hacked as part of the cyberattack campaign. Bloomberg reported that some internal machines used by Cisco researchers were attacked.
A Cisco statement read: “While Cisco does not use SolarWinds Orion for management or monitoring of its enterprise network, we have identified and mitigated affected software in a small number of lab environments and a limited number of employee terminals. We continue to investigate all aspects of this evolving situation with the highest priority.”
© IE Online Media Services Pvt Ltd