
Mandiant itself got infected with the Orion software on July 28, 2020, the company told WIRED, which would have coincided with the period that the company was helping the DOJ investigate its breach. When asked why, when the company announced the supply-chain hack in December, it didn’t publicly disclose that it had been tracking an incident related to the SolarWinds campaign in a government network months earlier, a spokesperson noted only that “when we went public, we had identified other compromised customers.” The incident underscores the importance of information-sharing among agencies and industry, something the Biden administration has emphasized.

Although the DOJ had notified CISA, a spokesperson for the National Security Agency told WIRED that it didn’t learn of the early DOJ breach until January 2021, when the information was shared in a call among employees of several federal agencies. That was the same month the DOJ, whose 100,000-plus employees span multiple agencies including the FBI, Drug Enforcement Agency, and US Marshals Service, publicly revealed that the hackers behind the SolarWinds campaign had possibly accessed about 3 percent of its Office 365 mailboxes. There are conflicting reports about whether this attack was part of the SolarWinds campaign or carried out by the same actors. Six months later, the department expanded on this and announced that the hackers had managed to breach email accounts of employees at 27 US Attorneys' offices, including ones in California, New York, and Washington, DC. In its latter statement, the DOJ said that to “encourage transparency and strengthen homeland resilience,” it wanted to provide new details, including that the hackers were believed to have had access to compromised accounts from about May 7 to December 27, 2020. And the compromised data included “all sent, received, and stored emails and attachments found within those accounts during that time.”

The investigators of the DOJ incident weren’t the only ones to stumble upon early evidence of the breach. Around the same time as the department’s investigation, security firm Volexity, as the company previously reported, was also investigating a breach at a US think tank and traced it to the organization’s Orion server. Later in September, the security firm Palo Alto Networks also discovered anomalous activity in connection with its Orion server. Volexity suspected there might be a backdoor on its customer’s server but ended the investigation without finding one. Palo Alto Networks contacted SolarWinds, as the DOJ had, but in that case as well, they failed to pinpoint the problem.

Senator Ron Wyden, an Oregon Democrat who has been critical of the government’s failure to prevent and detect the campaign in its early stages, says the revelation illustrates the need for an investigation into how the US government responded to the attacks and missed opportunities to halt it. “Russia’s SolarWinds hacking campaign was only successful because of a series of cascading failures by the US government and its industry partners,” he wrote in an email. “I haven’t seen any evidence that the executive branch has thoroughly investigated and addressed these failures. The federal government urgently needs to get to the bottom of what went wrong so that in the future, backdoors in other software used by the government are promptly discovered and neutralized.”

American intelligence agencies say Russian hackers first infiltrated in 2019. Subsequent investigation has shown that the hackers started using the company’s products to distribute malware by March 2020, and their first successful breach of the US federal government came early in the summer. That’s a long time to go unnoticed, longer than many organizations keep the kind of expensive forensic logs you need to do the level of investigation required to sniff the hackers out.

SolarWinds Orion, the network management product that was targeted, is used in tens of thousands of corporations and government agencies. Over 17,000 organizations downloaded the infected back door. The hackers were extraordinarily stealthy and specific in targeting, which is why it took so long to catch them, and why it’s taking so long to understand their full impact.

The difficulty of uncovering the extent of the damage was summarized by Brad Smith, the president of Microsoft, in a congressional hearing last week. “Who knows the entirety of what happened here?” he said.
