SolarWinds hack officially blamed on Russia: What you need to know

Microsoft head calls SolarWinds hack 'act of recklessness': What you need to know


US intelligence agencies say Russia is responsible for major hacking operations for striking federal agencies and major tech companies

Angela Lang / CNET

US Intelligence Agencies Attributed to a sophisticated malware campaign Russia said Tuesday in a joint statement several weeks after the hack’s public reports that it has affected local, state and federal agencies in the US, in addition to private companies, including Microsoft. Large scale breach, which allegedly used an email system Senior Leadership in Treasury Department And the system, at several other federal agencies, began in March 2020 when hackers compromised IT management software from SolarWinds.

The FBI and NSA joined the Office of the Director of the Cyber ​​Security and Infrastructure Security Agency and National Intelligence on Tuesday, stating that the hack was “basically Russian” on Tuesday, but to hold a specific hacking group or Russian government agency responsible Stopped short of.

Austin, Texas-based SolarWind sells software that allows an organization to see what’s happening on its computer network. Hackers inserted malicious code into an update to a software called Orion. About 18,000 SolarWinds customers installed tainted updates on their systems, the company said. The compromised update has had a wide impact, increasing the way new information emerges.

The joint statement on Tuesday called the hack “a serious compromise that would require sustained and dedicated effort to remove.”

On December 19, President Donald Trump took to Twitter to consider China may be behind the attack. Trump, who did not provide evidence to support the Chinese participation suggestion, tagged Secretary of State Mike Pompeo, who previously said in a radio interview that “we can clearly say that it was the Russians who were involved in this activity.” I was engaged

In a joint statement, US national security agencies called the breach “significant and ongoing”. It is still unclear how many agencies have been affected or what information the hackers have stolen so far. But by all accounts, malware is extremely powerful. According to an analysis by Microsoft and security firm FireEye, which were both Infected, Gives hackers wider access to malware-affected systems.

Microsoft said it had identified More than 40 customers Which was targeted in the hack. More information is likely to emerge regarding the agreement and their aftermath. Here is what you need to know about the hack:

How did hackers snatch malware in software updates?

The hackers succeeded in using a system that SolarWinds uses to simultaneously update its Orion product, the company explained in a December 14 filing with the SEC. From there, they inserted the malicious code into an otherwise valid software update. This is known as a supply-chain attack because it infects the software because it is subject to assembly.

This is a major coup for hackers to pull off a supply-chain attack as it packages their malware inside a trusted piece of software. Instead of searching for different targets to download malicious software with a phishing campaign, hackers can rely on many government agencies and companies to install Orion updates in SolarWinds’ prompting.

The approach is particularly powerful in this case because thousands of companies and government agencies around the world allegedly use Orion software. With the release of tainted software updates, SolarWinds’ huge customer list became a potential hacking target.

What do we know about Russian involvement in the hack?

US intelligence officials have publicly accused Russia of the hack. A joint statement by the FBI, NSA, CISA and ODNI stated that the most likely hack was from Russia. His statement followed Pompeo’s comments in an interview on 18 December, in which he blamed Russia for being hacked. In addition, news outlets cited government officials throughout the past week who said the Russian hacking group is believed to be responsible for the malware campaign.

SolarWinds and cybersecurity firms have blamed “nation-state actors” for the hack, but have not directly named any country.

In a December 13 statement on Facebook, the Russian Embassy in the US denied responsibility for the SolarWinds hacking campaign. “The malicious activities in the information space contradict the principles of Russian foreign policy, national interests and our understanding of interstate relations,” the embassy said, adding that “Russia does not conduct aggressively in the cyber domain.”

Nicknamed APT29 or CozyBear, the hacking group revealed by news reports have previously been blamed for targeting email systems at the State Department and the White House during President Barack Obama’s administration. It was named by the US intelligence agencies as one of those groups Intruded email system Of Democratic National Committee in 2015, But the leak of those emails is not attributed to CozyBear. (Another Russian agency was blamed for this.)

Recently, the US, UK and Canada have identified the group responsible for the hacking attempts that tried to access Information about COVID-19 vaccine research.

Which government agencies were infected with malware?

According to reports from Reuters, The Washington Post and The Wall Street Journal, Malware influenced US departments of Homeland Security, State, Commerce, and Treasury, as well as the National Institutes of Health. Politico reported on 17 December that nuclear programs operated by the US Department of Energy and the National Atomic Security Administration were also targeted.

Reuters reported on 23 December that the CISA added local and state governments to the victims list. According to the CISA website, the agency is “tracking an important cyber event affecting enterprise networks in federal, state and local governments, as well as critical infrastructure entities and other private sector organizations.”

It is still unclear whether the information, if any, was stolen from government agencies, but the amount of access seems to be widespread.

However the Department of Energy and the Department of Commerce and Treasury department Hacks admitted, there is no official confirmation that other specific federal agencies have been hacked. However, the Cyberspace Infrastructure Security Agency urged one of the federal agencies to reduce the malware, stating that it is “currently being exploited by malicious actors.”

In a statement on 17 December, President-Elect Joe Biden said his administration would “take top priority to deal with this violation from the moment we take office.”

Why is a hack a big deal?

In addition to gaining access to multiple government systems, hackers turned a run-of-the-mill software update into a weapon. That weapon was pointed at thousands of groups, not just the agencies and companies the hackers focused on as they installed the tainted Orion update.

Microsoft president Brad Smith called it an “act of negligence” in an extensive blog post on 17 December that explored the hack’s impact. He did not attribute the hack directly to Russia, but cited his previous alleged hacking campaigns as evidence of a rapidly growing cyber conflict.

“It’s not just an attack on specific targets,” Smith said, “but on the trust and credibility of the world’s critical infrastructure to advance a nation’s intelligence agency.” He called for international agreements to limit the manufacture of hacking devices that reduce global cyber security.

Former Facebook cyber security chief Alex Stamos said on Twitter on December 18 that the hack could lead to supply-chain attacks Is becoming more common. However, he Questioned whether hack For a well-resourced intelligence agency there was nothing out of the ordinary.

“So far, all of the publicly discussed activity has fallen within the US borders that the US does regularly,” Stamos Tweeted.

Were private companies or other governments affected by malware?

Yes. On December 17, Microsoft confirmed that indicators of malware were found in its system, after confirming several days earlier that the breech was affecting its customers. A Reuters report also stated that Microsoft’s own system was used to carry out the hacking campaign, but Microsoft denied the news agencies’ claim. On 16 December, the company began dropping versions of Orion, known as malware, to cut hackers from its customers’ systems.

FireEye also confirmed that it was infected with malware and was also looking at infections in customer systems.

On December 21, the Wall Street Journal said it had exposed at least 24 companies that had installed malicious software. These include tech companies Cisco, Intel, Nvidia, VMware and Belkin, according to the Journal. The hackers also allegedly entered California state hospitals and Kent State University.

It is not clear which SolarWinds’ other private sector customers have seen the malware infection. The company’s customer list includes large corporations, such as AT&T, Procter & Gamble, and McDonald’s. The company also counts governments and private companies around the world as customers. FireEye says many of those customers were infected.

Correction, 23 December: This story has been updated to clarify that SolarWinds builds IT management software. An earlier version of the story misconstrued the purpose of its products.

Be the first to comment

Leave a Reply

Your email address will not be published.