As of today, the breaches are ongoing and the level of seriousness has drastically risen. Reports state that the ‘hack’ has become so serious that a National Security Council meeting was held at the White House on Saturday. The US Treasury and the US National Telecommunications and Information Administration (NTIA) are reportedly victims of the ongoing attacks.
Global Hacking Campaign
On December 8th, FireEye reported that they will update the broader community on the breach. The updated investigation now shows that a global hacking campaign much greater in scope than previously imagined is afoot. Malicious entities are compromising private and public organizations via software supply chains, specifically the Orion network management software produced by SolarWinds. FireEye said that the hacking campaign is obviously state-level due to its sophistication and breadth. FireEye has also disclosed in the report that they are now able to see indications of hacking as far back as spring of 2020 and are currently notifying the affected organizations with new data. To add to this, FireEye disclosed that every element of the ongoing attacks is extremely meticulous and that this is now a full CISA (Cybersecurity and Infrastructure Security Agency) and FBI investigation.
Solarwinds Breach
Reports state that a Malware-injected software update named Solorigate/SUNBURST has infected IT management software giant SolarWinds. The malicious users have gained access to critical information on executives working for the government, intelligence services, and military officials. Not only that, but the hackers now have access to SolarWinds’ customer listing of 300,000 users. The list includes almost all of the US Fortune 500, numerous educational institutions, all the top ten US telecom companies. Further still, the customer listing includes the US Pentagon, all other intelligence agencies, and finally the Office of the President of the US. The company was ordered to shut down all SolarWinds Orion products in accordance with the Emergency Directive 21-01.
Russian Hackers Suspected
According to FireEye and Microsoft as well as other individuals in the intelligence sector, Russian hackers are suspected in this breach. Although the Russian government denies any involvement in the matter, the Russian hackers, known as APT29 or Cozy Bear, are a part of their nation’s foreign intelligence. FireEye has also confirmed an attacker by the name of UNC2452. It is important to note that during the Obama administration, the same individuals hacked the State Department and White House servers. John Ullyot of The National Security Council stated that “The United States Government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation”.
Global Implications of The Breach
The global implications of this high-level government breach are potentially massive, depending on what further details are released from FireEye and the US Government. SolarWinds have announced that a software update will be released tomorrow (Orion Platform version 2020.2.1 HF 2) to fix the compromised components.