SolarWinds hackers hitting state, local governments — U.S. cyber agency

The Texas-based company, which provides computer network management tools to a wide variety of clients, recently disclosed that one of its leading products had been compromised. However, the compromise had been going on for months.

CrowdStrike, a leading U.S. cyber-security firm, has said that it believes those responsible for the Sunburst hack also tried to breach its systems earlier this year.

Here's a simple explanation of how the massive breach happened, and why it matters.

Mandia, whose firm is credited with initially discovering the hacking campaign's breach via SolarWinds Orion, an IT management software suite, also said FireEye has evidence to suggest the hackers' efforts may have started late last year. The system, called "Orion", is widely used by companies to manage IT resources. Almost 18,000 SolarWinds customers are thought to have been using the compromised software. SolarWinds is no exception.

SolarWinds has said that it believes "fewer than 18,000" of its customers had installed the compromised Orion updates.

Microsoft said Thursday that it had notified more than 40 customers hit by the malware, which security experts say could allow attackers unfettered network access to key government systems and electric power grids and other utilities.

FireEye chief Kevin Mandia said this weekend he estimates around 50 organizations downloaded malicious code and were "genuinely impacted" by the hacking campaign believed to have breached multiple federal agencies and Fortune 500 companies.

The Washington Post linked hackers from the APT29 group, known as Cozy Bear, to a cyber attack on U.S. government sites, including the country's Treasury and Commerce Ministry, on December 13. The Wall Street Journal first reported on the scope of the NTIA email account breach.

"CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated", CISA said in a statement.

Treasury Secretary, Steve Mnuchin, gave the confirmation while speaking on CNBC News on Monday.

Chinese military officers and others have also been indicted since 2014 on U.S. charges of carrying out hacking attacks to steal commercial secrets.

Many, including U.S. Secretary of State Mike Pompeo, have blamed the Russian Federation for the hack, an accusation the Kremlin has dismissed as "baseless". Tom Bossert, President Trump's former homeland security officer, said that it could be years before the networks are secure again. Once hackers are inside a system, it can also be hard to tell if they're fully gone. "And we'll get around to attribution of that at a time and place of our choosing".

Finally, the hack could accelerate broad changes in the cybersecurity industry.

By Friday, both Republican and Democratic lawmakers started to ask several federal agencies, including the FBI, the Cybersecurity and Infrastructure Security Agency and the Office of the Director of National Intelligence, about the hacking campaign and started to demand more answers about the investigation and what data may have been compromised (see: SolarWinds Hack: Lawmakers Demand Answers).
