https://www.kxan.com/news/local/austin/austin-based-solarwinds-at-center-
of-massive-us-government-hack/
WASHINGTON (AP, KXAN) — Hackers broke into the networks of the Treasury
and Commerce departments as part of a global cyberespionage campaign. They
accessed those networks by slipping malware into a SolarWinds software
update, according to the global cybersecurity firm FireEye, which was also
compromised.
The first phases of this monthslong cyberespionage campaign started in the
spring. The malware gave the hackers remote access to victims’ networks.
The FBI and the Department of Homeland Security’s cybersecurity arm are
investigating what experts and former officials said appeared to be a
large-scale penetration of U.S. government agencies. Industry experts said
it bore the hallmarks of Russian tradecraft.
“This can turn into one of the most impactful espionage campaigns on
record,” said cybersecurity expert Dmitri Alperovitch.
The hacks were revealed less than a week after FireEye disclosed that
foreign government hackers had broken into its network and stolen the
company’s own hacking tools. Many experts suspect Russia is responsible.
FireEye’s customers include federal, state and local governments and top
global corporations.
How and why hackers targeted SolarWinds
The apparent conduit for the Treasury and Commerce Department hacks — and
the FireEye compromise — is a hugely popular piece of server software
called SolarWinds. It is used by hundreds of thousands of organizations
globally, including most Fortune 500 companies and multiple U.S. federal
agencies who will now be scrambling to patch up their networks, said
Alperovitch, the former chief technical officer of the cybersecurity firm
CrowdStrike.
SolarWinds is headquarted in Austin with offices off of Southwest Parkway
in Southwest Austin.
FireEye, without naming the breached agencies or other targets, said in a
blog post that its investigation into the hack of its own network had
identified “a global campaign” targeting governments and the private
sector that, beginning in the spring, slipped malware into a SolarWinds
software update.
The malware gave the hackers remote access to victims’ networks.
SolarWinds CEO reacts to the hack
SolarWinds said the “potential vulnerability” was related to updates
released between March and June for software that helps organizations
monitor their online networks for problems.
“We believe that this vulnerability is the result of a highly-
sophisticated, targeted and manual supply chain attack by a nation state,”
said SolarWinds CEO Kevin Thompson in a statement.
The compromise is critical because SolarWinds would give a hacker “God-
mode” access to the network, making everything visible, said Alperovitch.
SolarWinds asks all customers to upgrade immediately to Orion Platform
version 2020.2.1 HF 1 to address a security vulnerability. More
information is available at
https://t.co/scsUhZJCk8
— SolarWinds (@solarwinds) December 14, 2020
FireEye said it had notified “multiple organizations” globally where it
saw indications of compromise. It said that the hacks did not seed self-
propagating malware — like the 2016 NotPetya malware blamed on Russia that
caused more than $10 billion in damage globally — and that any actual
infiltration of an infected organization required “meticulous planning and
manual interaction.”
The U.S. government did not publicly identify Russia as the culprit behind
the hacks, first reported by Reuters, and said little about who might be
responsible. Cybersecurity experts said last week that they considered
Russian state hackers to be the main suspect.
National Security Council spokesperson John Ullyot said in a statement
that the government was “taking all necessary steps to identify and remedy
any possible issues related to this situation.”
Who are the SolarWinds customers who might be affected?
On its website, SolarWinds says it has 300,000 customers worldwide,
including all five branches of the U.S. military, the Pentagon, the State
Department, NASA, the NSA, the Department of Justice and the White House.
It says the 10 leading U.S. telecommunications companies and top five U.S.
accounting firms are also among customers.
The government’s Cybersecurity and Infrastructure Security Agency said it
was working with other agencies to help “identify and mitigate any
potential compromises.”
President Donald Trump last month fired the director of CISA, Chris Krebs,
after Krebs vouched for the integrity of the presidential election and
disputed Trump’s claims of widespread electoral fraud.
In a tweet Sunday, Krebs said “hacks of this type take exceptional
tradecraft and time,” adding that he believed that its impact was only
beginning to be understood.
Also, hacks of this type take exceptional tradecraft and time. On the 1st,
if this is a supply chain attack using trusted relationships, really hard
to stop. On the 2nd, I suspect this has been underway for many months.
Need good detections to find victims and determine scope.
— Chris Krebs (@C_C_Krebs) December 13, 2020
Federal government agencies have long been attractive targets for foreign
hackers.
Hackers linked to Russia were able to break into the State Department’s
email system in 2014, infecting it so thoroughly that it had to be cut off
from the internet while experts worked to eliminate the infestation.
Reuters earlier reported that a group backed by a foreign government stole
information from Treasury and a Commerce Department agency responsible for
deciding internet and telecommunications policy.
The Treasury Department deferred comment to the National Security Council.
A Commerce Department spokesperson confirmed a “breach in one of our
bureaus” and said “we have asked CISA and the FBI to investigate.” The FBI
had no immediate comment.
“I suspect that there’s a number of other (federal) agencies we’re going
to hear from this week that have also been hit,” former NSA hacker Jake
Williams said.
___
Krisher reported from Detroit and Bajak reported from Boston. Associated
Press writer Matt O’Brien contributed to this report from Providence,
Rhode Island.
--
"LOCKDOWN", left-wing COVID fearmongering. 95% of COVID infections
recover with no after effects.
No collusion - Special Counsel Robert Swan Mueller III, March 2019.
Donald J. Trump, cheated out of a second term by fraudulent "mail-in"
ballots. Report voter fraud:
sf.n...@mail.house.gov
Thank you for cleaning up the disaster of the 2008-2017 Obama / Biden
fiasco, President Trump.
Under Barack Obama's leadership, the United States of America became the
The World According To Garp. Obama sold out heterosexuals for Hollywood
queer liberal democrat donors.
President Trump boosted the economy, reduced illegal invasions, appointed
dozens of judges and three SCOTUS justices.