
Dec 18, 2020

SolarWinds Hack to Signal a new form of Warfare?

 The list keeps on growing... The new war. The new espionage. Call it what you will, but this was not a simple attack.




It started with hackers (state-sponsored hackers, i.e. cyber warfare) manipulating SolarWinds Orion system updates. The manipulated update allowed the hackers to access any of the servers that hosted the SolarWinds application, which is an IT monitoring and management tool used by administrators and network engineers. This gave the hackers full administrator access to at least one server inside the victim's network, and let them download any additional malware they needed to get full access to the victims' networks. To set things in perspective, hackers breached the US nuclear weapons agency.

Source: Microsoft


The list of victims is huge. Till now, 40+ major companies or government departments and agencies have been identified. I expected the final number to reach at least 100+ high-profile victims. Hackers had around 9 months to do whatever they wanted without being caught. Of the victims, 80% are located in the United States, with the rest spread across seven other countries, namely Canada, Mexico, Belgium, Spain, the UK, Israel, and the UAE.


Companies breached so far:

- Microsoft
- SolarWinds
- FireEye

Main US targets:

- The US Treasury Department
- The US Department of Commerce's National Telecommunications and Information Administration (NTIA)
- The Department of Health's National Institutes of Health (NIH)
- The Cybersecurity and Infrastructure Agency (CISA)
- The Department of Homeland Security (DHS)
- The US Department of State
- The National Nuclear Security Administration (NNSA)
- The US Department of Energy (DOE)
- Three US states
- City of Austin (also disclosed today)


While not the first attack of its kind, the fact that we are still at the tip of the iceberg in discovering the scale is worrisome. The types of victims, the amount of data that could have been stolen during a 9-month breach, and the fact that it is a state-sponsored attack all indicate that the new wars will be fought online as well as with real weapons.


Finally, so many questions come to mind, and I am sure those would be answered within the coming days:

  1. How did the hackers bypass all internal SolarWinds controls, application controls and Quality Assurance to publish such a malicious update?
  2. How were they left undetected for 9 months?
  3. How many companies have really been breached, and what type of data has been stolen?
  4. What long-lasting impact will this have on the cyber world, and how can we ensure that software installed on our infrastructure is secure?
  5. Will the US retaliate?

Aug 22, 2020

Warning: A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware

 


An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks with a comparatively high success rate.

The latest security issue—of which Google is aware but, unfortunately, left unpatched—resides in the "manage versions" functionality offered by Google Drive that allows users to upload and manage different versions of a file, as well as in the way its interface provides a new version of the files to the users.

 

For more info, https://thehackernews.com/2020/08/google-drive-file-versions.html


Nov 20, 2011

Security News Update - 20/11/2011

So I have decided to add a new section to my blog, Information Security News updates....

 This could be done daily, weekly or monthly, depending on what's new... I will try to summarize all the news, and add links to extra details...

 * We are getting more and more reliant on computers in our lives, and actually many things we depend on and take for granted are based on computers... For example, hackers destroyed a pump used by a US water utility as explained in http://goo.gl/uWVUu.... How about that?

 ** Hackers also hit oil, gas, and defense companies in Norway Link: http://goo.gl/uuNdM

 *** There's a new campaign on Twitter, with #worstpassword ... Check out some of the worst passwords you could choose for your accounts, and then some "jokes"

 **** Facebook's new feature, the timeline, has been subject to an attack via XSS (cross-site scripting)... (I will explain what that is in some future blog) Link: http://goo.gl/UOYBc
