Posted on December 14, 2020 at 1:44 PM
Cybersecurity firm FireEye recently revealed that suspected Russian hackers carried out a global intrusion campaign on some U.S. government agencies.
According to a Washington Post report, the breach was carried out by Russian government-backed hackers.
The attack was carried out on the U.S. Treasury and Commerce departments as well as other government agencies, according to the report.
The Number Of Victims Could Be In Thousands
Since many customers who used the product received the manipulated software, the number of victims could reach thousands.
According to the report, the threat actors seem to have placed more emphasis on highly sensitive targets.
The hacking activities, which began months ago, involved hacking email account details at the U.S. Treasury Department.
It peaked when SolarWinds' Orion network management products were compromised; many U.S. government agencies share networks using the SolarWinds network management products.
FireEye security researchers revealed that the identified global hacking campaign targets the networks of private and public organizations through the software supply chain.
“This compromise is delivered through updates to a widely-used IT infrastructure management software,” the security researchers revealed in a blog post.
List Of Targets Include Top Government Agencies
The attacks have been classified as one of the worst in recent history, with top government agencies and institutions included in the list of sensitive targets.
The list includes the majority of the Fortune 500, the five branches of the U.S. military, the FBI, the Naval Information Warfare Systems Command, the Centers for Disease Control and Prevention, as well as the State Department.
John Ullyot, a spokesman for the National Security Council, stated that the U.S. government is also aware of the hacking report.
“We are taking all necessary steps to identify and remedy any possible issues related to this situation,” he added.
Consequently, the Cybersecurity and Infrastructure Security Agency has asked all federal civil agencies to review their security networks and power down or disconnect SolarWinds Orion products immediately.
It also demanded an updated assessment from the agencies to ensure their security has not been breached already.
According to Acting Director Brandon Wales, the breach of the SolarWinds network is an unacceptable risk, which has affected several organizations.
He further revealed that the directive issued to the organizations is necessary to reduce or prevent any potential attacks on the systems or networks of the targeted organizations both in the private and public sectors.
Targets Spread Across The Globe
The FireEye researchers said the hackers infiltrated several organizations across the globe, including in the Middle East, Asia, Europe, and North America.
Also, the attack was not limited to a particular sector; it hit multiple sectors including oil and gas, consulting, telecommunications, technology, and multiple sectors of the government. FireEye also noted that the list is expected to grow.
The researchers also said the hacking campaign shows top-level resourcing and operational tradecraft synonymous with state-sponsored threat actors. The company said that, according to its analysis, a wide range of organizations show indications of compromise dating from the spring of 2020.
A Diversion Of Target Point
In the 2016 presidential election, Russian state-sponsored threat actors launched attacks on the U.S. electoral system and slightly disrupted some sections of the election. With that attack fresh in the minds of U.S. authorities, a massive defense mechanism was put in place to prevent a repeat of such an attack in the 2020 elections.
However, with more emphasis placed on the U.S. election, the Russian hackers had a window of opportunity to launch attacks on other areas.
The suspected Russian hackers were quietly working to infiltrate the sensitive data of corporate victims and American government agencies without being detected.
SolarWinds admitted that the software update system of one of its products was used to send malware to customers.
The company pointed out that it is aware of a potential vulnerability, which could be related to updates it released between March and June this year.
SolarWinds Chief Executive Officer Kevin Thompson pointed out that the vulnerability exploitation is a result of a well-planned manual supply chain attack by a state-sponsored threat actor.
He also said the firm has called on the FBI and is currently working with the agency to investigate the incident.