[ad_1]
It’s called Solarburst, the hacker attack that almost every business and cybersecurity expert is talking about right now. Marcus Murray, who runs a cybersecurity company, tells SVT Nyheter that he is aware of about ten cases in Sweden.
Her company investigates several of the cases itself, and although it does not want to say which companies they are, it says that they are “companies and organizations from both the public and private sectors.
– De facto, they have had a back door in major Swedish operations, so the attackers have had the opportunity to inflict very large damage, says Murray.
Ongoing since March
The attack has been very extensive and is believed to have lasted since March of this year without being detected. At that time, nearly 18,000 customers of the software company Solarwinds received malicious code in Orion software in connection with an update. After that, the hackers have selected authorities and companies that are more interesting and have built back doors for them to be able to steal data and monitor, for example, email systems.
The Swedish Civil Contingencies Agency learned of the cyber attack a week ago.
– The results of the investigation in the US indicate that the attackers were looking for information, that is, espionage, says Peter Jonegård, head of one of MSB’s cybersecurity units.
SVT: How serious is this attack?
– I’d say it’s very serious. This product is used so centrally in the management of IT environments. It is a relatively expensive and large product and therefore used by large organizations, which are doing important things.
MSB: act immediately
The Swedish Civil Contingencies Agency is now urging Swedish companies that have used Solarwind’s Orion platform to act “immediately” to remove malicious code.
MSB claims that it is not yet known whether Swedish companies that had back doors installed also suffered data theft or whether the hackers did not “have time” for Swedish targets before the attack was discovered.
– In theory, hackers would have been able to access classified security information, if such information existed in the IT environments they entered, says Peter Jonegård.
