Details of the most dangerous cyberattack in US history
The US administration continues to investigate what is regarded as the largest and most dangerous cyberattack ever to target the United States, and has accused Russia of being behind it.

An analysis of internet logs by The Wall Street Journal found that hackers with suspected ties to Russia, who had infiltrated US government agencies, also gained access to major US accounting and technology firms, as well as at least one hospital and one university.

The newspaper identified infected computers in twenty organizations that had installed a tampered version of a network monitoring program called SolarWinds Orion, which allowed the hackers to enter through a hidden backdoor.

In basic technology terms, a backdoor is a covert method that attackers use to bypass normal authentication or encryption and gain access to a computer system or network.

The backdoor gave the attackers, most likely Russian, “access to a large amount of personal and sensitive data,” according to the newspaper.

Among the affected organizations are tech giant Cisco Systems Inc.; chipmakers Intel Corp. and Nvidia Corp.; Deloitte LLP; cloud computing software maker VMware; and Belkin International Inc., which sells Wi-Fi routers and networking equipment for homes and offices under the Linksys and Belkin brands.

The attackers also gained access to California state hospitals and Kent State University.

Had the hack not been discovered earlier this month, the attackers could have reached up to 18,000 customers of Austin-based SolarWinds Corp., the company itself said, after the hackers inserted malicious code into a routine software update.

SolarWinds said it has traced the hackers’ activity back to at least October 2019 and is now working with security companies, law enforcement and intelligence agencies to investigate the attack.

Cisco confirmed that it had found malware on some employee systems and some laboratory systems.

The company is still investigating, and a spokesperson said: “At the moment, there is no known impact on Cisco offerings or products.”

The newspaper’s analysis found that Intel downloaded and ran the malware.

A spokesperson said the company was investigating the incident and had found no evidence that the hackers used the backdoor to gain access to the company’s network.

Deloitte, which according to the newspaper’s analysis was affected by the attack at the end of June, said it had “taken measures to combat” the malware but had “not detected indications of unauthorized access to our systems at this time.”

VMware said it had found “limited cases” of the malware on its systems, but that “its internal investigation has yet to reveal any signs of a violation,” a spokesperson said.

Belkin said in an email that it had removed the backdoor immediately after federal officials issued an alert last week, and a company spokeswoman said: “No known negative impacts have yet been identified.”

Kent State University also indicated that it “has been aware of the situation and is evaluating this serious matter.”

California state hospitals had installed the backdoored software in early August, according to the newspaper’s analysis.

State officials are working with federal and state agencies to address the impact of the SolarWinds backdoor, according to a spokesman for the California Governor’s Office of Emergency Services, who declined to comment on the specific agencies affected.

An Nvidia spokesperson said the company has no evidence at this time that it has been adversely affected, and that the investigation is ongoing.

The newspaper gathered digital evidence from victims’ computers that had been collected by threat intelligence companies Farsight Security and RiskIQ, and then used decryption techniques to reveal the identities of some of the servers that downloaded the malicious code.

In some cases, the analysis identified the compromised organizations and showed when the malicious code was most likely activated, indicating that the hackers already had access to those systems by that time.
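The log analysis described above, as a defender would reproduce it on their own network, comes down to scanning DNS resolver logs for lookups of a known-bad name and recording, per host, the earliest such lookup (the activation time) and how often it recurred. The following is an added example and not code from the article or from the firms it names; the log lines are constructed, and `beacon.malicious-update.example` is a placeholder standing in for whatever indicator an incident responder has actually been given.

```python
"""Find hosts that resolved a known-bad domain and report first-seen time.

Added example; the log format, the sample lines and the indicator domain
are all constructed for illustration.
"""
from datetime import datetime, timezone

# Constructed resolver log: "<UTC timestamp> <client_ip> <queried name>"
SAMPLE_LOG = """\
2020-08-03T09:12:44Z 10.20.1.15 updates.example-vendor.test
2020-08-03T09:13:02Z 10.20.1.15 beacon.malicious-update.example
2020-08-04T11:40:10Z 10.20.1.15 beacon.malicious-update.example
2020-10-12T16:05:31Z 10.30.7.8 www.example.org
2020-10-12T16:06:00Z 10.30.7.8 sub.beacon.malicious-update.example
2020-10-13T08:00:00Z 10.30.7.9 beacon.malicious-update.exampleevil
this line is malformed and is skipped
"""

# Placeholder indicator; a real investigation substitutes the names
# supplied by the threat intelligence provider.
KNOWN_BAD_DOMAINS = {"beacon.malicious-update.example"}


def matches_bad_domain(name, bad_domains=KNOWN_BAD_DOMAINS):
    """True if name equals a bad domain or is a subdomain of one.

    A trailing dot and letter case are normalised away, and the check is
    label-aware so that 'example' never matches 'exampleevil'.
    """
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in bad_domains)


def parse_line(line):
    """Return (timestamp, client_ip, queried_name) or None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    ts_text, client_ip, qname = parts
    try:
        ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts.replace(tzinfo=timezone.utc), client_ip, qname


def first_seen_by_host(log_text, bad_domains=KNOWN_BAD_DOMAINS):
    """Map each client IP that queried a bad domain to its earliest lookup
    and the total number of matching lookups."""
    hits = {}
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        ts, client_ip, qname = record
        if not matches_bad_domain(qname, bad_domains):
            continue
        entry = hits.setdefault(client_ip, {"first_seen": ts, "lookups": 0})
        if ts < entry["first_seen"]:
            entry["first_seen"] = ts
        entry["lookups"] += 1
    # Render timestamps back to the log's own string form for reporting.
    return {
        ip: {
            "first_seen": e["first_seen"].strftime("%Y-%m-%dT%H:%M:%SZ"),
            "lookups": e["lookups"],
        }
        for ip, e in hits.items()
    }


if __name__ == "__main__":
    for ip, info in sorted(first_seen_by_host(SAMPLE_LOG).items()):
        print(f"{ip}: first lookup {info['first_seen']}, "
              f"{info['lookups']} lookup(s)")
```

The earliest matching lookup per host is the point from which that host should be treated as compromised; it is the same "when was the code activated" signal the newspaper derived, and it tells an investigator how far back to pull authentication and egress logs for that machine.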