The SolarWinds hack is one of the biggest ever cyber attacks targeted against the US government, its agencies and also other private companies.
The first disclosure of the SolarWinds attack was made on 8th December by FireEye, a US cybersecurity firm that helps big private companies and government agencies with security management.
The company disclosed that it was hacked by a nation-state APT group and that the threat actors stole the Red Team assessment tool that FireEye uses to examine its customers' security.
Later on, the news broke that the US Treasury, the departments of Homeland Security, Commerce and State, and the National Institutes of Health were also breached.
One thing the victims have in common is that all are customers of SolarWinds, a US software firm which protects the government from cyberattacks.
Hackers inserted a malicious backdoor into SolarWinds Orion software that they then used as a staging ground for later attacks.
Adversaries were able to use the SolarWinds Orion network management platform to infect users with a stealthy backdoor called “Sunburst” or “Solorigate,” which opened the way for lateral movement to other parts of a network.
According to SolarWinds, around 18,000 customers have downloaded the compromised Orion software update.
Microsoft is a customer of SolarWinds Corp., whose software the hackers have used to gain access to networks by installing malicious code.
“We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found no indications that our systems were used to attack others,” said spokesman Frank Shaw.
Cisco, the world’s biggest maker of networking equipment, was breached a day after Microsoft Corp said its systems were exposed to the malicious update.
The networking equipment maker reported that some internal machines used by Cisco researchers were targeted.
The company said that the issue was quickly addressed by its security team and the “affected software” has been “mitigated.”
“At this time, there is no known impact to Cisco offers or products,” the company said in a statement. “We continue to investigate all aspects of this evolving situation with the highest priority.”
The US Energy Department, which is responsible for managing America’s nuclear arsenal, has also been hacked in the SolarWinds cyber attack.
The SolarWinds customer list is broad and includes Fortune 500 companies as well as government agencies.
These kinds of supply-chain attacks are rare and can be near impossible to detect. The campaign has been ongoing for the past nine months, with hackers exploiting the SolarWinds software product to spy on government and business networks across the world, including in the US, Israel, UK and Canada.
Russia has denied any knowledge or involvement in the highly sophisticated cyberattack against the American government or federal agencies.