General Discussion > Information Technology & Cyber Security

SolarWinds hack

(1/1)

adroth:
Why the US government hack is literally keeping security experts awake at night
By Brian Fung, CNN Business
Updated 5:38 PM ET, Wed December 16, 2020

https://www.cnn.com/2020/12/16/tech/solarwinds-orion-hack-explained/index.html

Washington (CNN Business)The US government is reeling from multiple data breaches at top federal agencies, the result of a worldwide hacking campaign with possible ties to Russia. Investigators are still trying to figure out how much of the government may have been affected and how badly it may have been compromised.

But what little we know has cybersecurity experts extremely worried — with some describing the attack as a literal wakeup call.

< Edited >

While SolarWinds is not a household name, it works with many businesses and organizations that are.

< Edited >

girder:
Scope of Russian Hack Becomes Clear: Multiple U.S. Agencies Were Hit
The Pentagon, intelligence agencies, nuclear labs and Fortune 500 companies use software that was found to have been compromised by Russian hackers. The sweep of stolen data is still being assessed.


--- Quote ---WASHINGTON — The scope of a hack engineered by one of Russia’s premier intelligence agencies became clearer on Monday, when some Trump administration officials acknowledged that other federal agencies — the State Department, the Department of Homeland Security and parts of the Pentagon — had been compromised. Investigators were struggling to determine the extent to which the military, intelligence community and nuclear laboratories were affected by the highly sophisticated attack.

United States officials did not detect the attack until recent weeks, and then only when a private cybersecurity firm, FireEye, alerted American intelligence that the hackers had evaded layers of defenses.

It was evident that the Treasury and Commerce Departments, the first agencies reported to be breached, were only part of a far larger operation whose sophistication stunned even experts who have been following a quarter-century of Russian hacks on the Pentagon and American civilian agencies.

About 18,000 private and government users downloaded a Russian tainted software update — a Trojan horse of sorts — that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised.

Among those who use SolarWinds software are the Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies. While the presence of the software is not by itself evidence that each network was compromised and information was stolen, investigators spent Monday trying to understand the extent of the damage in what could be a significant loss of American data to a foreign attacker.

...

Nearly all Fortune 500 companies, including The New York Times, use SolarWinds products to monitor their networks. So does Los Alamos National Laboratory, where nuclear weapons are designed, and major defense contractors like Boeing, which declined on Monday to discuss the attack.

The early assessments of the intrusions — believed to be the work of Russia’s S.V.R., a successor to the K.G.B. — suggest that the hackers were highly selective about which victims they exploited for further access and data theft.

The hackers embedded their malicious code in the Orion software made by SolarWinds, which is based in Austin, Texas. The company said that 33,000 of its 300,000 customers use Orion, and only half of those downloaded the malign Russian update. FireEye said that despite their widespread access, Russian hackers exploited only what was considered the most valuable targets.

“We think the number who were actually compromised were in the dozens,” said Charles Carmakal, a senior vice president at FireEye. “But they were all the highest-value targets.”

...
--- End quote ---

adroth:
In wake of SolarWinds hack, here are the critical responses required of all businesses

https://www.scmagazine.com/home/security-news/here-are-the-critical-responses-required-of-all-businesses-after-solarwinds-supply-chain-hack/

The U.S. Department of Homeland Security, Treasury Department and FireEye are among the most prominent victims affected by the supply chain attack on SolarWinds network monitoring software. But these data breaches are just scratching the surface of one of the most significant foreign hacking incidents in history – one that will have long-lasting repercussions.

SolarWinds estimates that between last March and June, roughly 18,000 user organizations downloaded updates of its Orion software that Russian APT actors allegedly corrupted with Sunburst backdoor malware. That attack allowed the culprits to perform reconnaissance, elevate their privileges, move laterally and steal data.

< Edited >

adroth:
What you need to know about the biggest hack of the US government in years

Russian agents are suspected in the Orion breach, which affected the treasury and commerce departments – and perhaps others

Kari Paul
Tue 15 Dec 2020 18.05 EST

https://www.theguardian.com/technology/2020/dec/15/orion-hack-solar-winds-explained-us-treasury-commerce-department

A vast trove of US government emails has been targeted in a hack thought to have been carried out by Russia, American officials revealed on Monday.

The stunningly large and sophisticated operation reportedly targeted federal government networks and marks the biggest cyber-raid against US officials in years. The treasury and commerce departments were both affected and others may have been breached.

Hackers gained entry into networks by getting more than 18,000 private and government users to download a tainted software update. Once inside, they were able to monitor internal emails at some of the top agencies in the US.

< Edited >

What happened?

The hack began as early as March, when malicious code was sneaked into updates to popular software called Orion, made by the company SolarWinds, which monitors the computer networks of businesses and governments for outages.

That malware gave elite hackers remote access to an organization’s networks so they could steal information.

< Edited >

The breach was not discovered until the prominent cybersecurity company FireEye, which itself also uses SolarWinds, determined it had experienced a breach by way of the software. FireEye has not publicly blamed its own breach on the SolarWinds hack, but it reportedly confirmed that was the case to the tech site Krebs On Security on Tuesday.

The apparent months-long timeline gave the hackers ample time to extract information from many targets. Government officials have not yet stated which agencies were affected but the Centers for Disease Control and Prevention, the state department, and the justice department all use the software in question.

< Edited >

Navigation

[0] Message Index

Go to full version