US information technology company SolarWinds has said that up to 18,000 of its customers had downloaded a compromised software update that allowed suspected Russian hackers to spy on global companies and governments for nearly nine months.
The United States issued an emergency warning yesterday, ordering government users to disconnect SolarWinds software that it said had been compromised by “malicious actors.”
That warning came after Reuters reported that suspected Russian hackers had used hijacked SolarWinds software updates to break into various US government agencies, including departments of the Treasury and Commerce.
Moscow denied having any connection to the attacks.
People familiar with the hacking campaign said the US Department of Homeland Security had also been breached.
One of them said DHS email had been compromised, but not the critical network that DHS’s cybersecurity division uses to protect infrastructure.
DHS is a massive bureaucracy responsible for border security, cybersecurity, and most recently, the safe distribution of the COVID-19 vaccine.
SolarWinds said in a regulatory disclosure that it believed the attack was the work of an “external national state” that inserted malicious code into updates to its Orion network management software released between March and June this year.
“SolarWinds currently believes that the actual number of customers who may have had an installation of Orion products that contained this vulnerability is less than 18,000,” it said.
The company did not respond to requests for comment on the exact number of affected customers or the extent of the breaches at those organizations. It said that it was not aware of vulnerabilities in any of its other products and that it was now investigating with the help of US law enforcement and external cybersecurity experts.
SolarWinds has 300,000 clients around the world, including most of the Fortune 500 companies in the United States and some of the most sensitive parts of the United States and Great Britain governments, such as the White House, defense departments and intelligence agencies of both countries.
Investigators around the world are now struggling to find out who was hit.
A British government spokesman said the United Kingdom was not aware of any impacts from the attack, but was still investigating.
The US Department of Homeland Security did not immediately respond to a request for comment.
Two people familiar with the investigation of the attack told Reuters that any organization running a compromised version of the Orion software would have had a “back door” installed on their computer systems by the attackers.
“After that, it’s just a question of whether the attackers decide to exploit that access further,” said one of the sources.
However, initial indications suggest that hackers were discriminating over who they chose to break into, according to two people familiar with the wave of corporate cybersecurity investigations that launched Monday morning.
“What we see is much less than all the possibilities,” said one person. “They are using this as a scalpel.”
FireEye, a prominent cybersecurity company that was breached in connection with the incident, said in a blog post that other targets included “government, consulting, technology, telecommunications and extractive entities in North America, Europe, Asia and the Middle East.”
“If it’s cyber espionage, then it is one of the most effective cyber espionage campaigns we’ve seen in quite some time,” said John Hultquist, director of intelligence analysis at FireEye.