SolarWinds Orion Hack: U.S. Federal Agencies & Private Companies Impacted

essidsolutions

Multiple U.S. government agencies and private corporations have been targeted in the state-sponsored SolarWinds Orion hack. Hackers inserted malware into SolarWinds Orion network monitoring software used by several federal agencies and companies to steal sensitive data. Reportedly, around 18,000 customers, including the U.S. Homeland Security, have been impacted by the hack.

Nation-state hackers targeted multiple U.S. government agencies and private organizations in the recent SolarWinds Orion breach which shook the cyber world. The Texas-headquartered service provider confirmed Orion, a platform used for monitoring the health of enterprise networks, was exploited to launch a widespread campaign against public and private organizations.

Malicious actors, suspected to be the Russian government-backed APT29 group, inserted and installed malware in the software updates of SolarWinds’ network monitoring product Orion. However, the Russian government refuted the claims of their involvement through a Facebook post and deemed them “unfounded.”

According to a Reuters report, these activities are a part of a broader cyber espionage operation. So far, victims include the U.S. Treasury and Commerce departments, among other government departments. Cybersecurity company FireEye, who confirmed these reports recently, was also compromised last week. The attack resulted in the theft of the company’s line-up of internal hacking tools called Red Team.

SolarWinds said in their advisory, “SolarWinds has been made aware of a cyberattack to our systems that inserted a vulnerability within our SolarWinds® Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run.”

SolarWinds asks all customers to upgrade immediately to Orion Platform version 2020.2.1 HF 1 to address a security vulnerability. More information is available at

— SolarWinds (@solarwinds) December 14, 2020

Neither FireEye nor SolarWinds confirmed the involvement of APT29 in the attack that infected versions 2019.4 to 2020.2.1 of the Orion software, released between March and June 2020. According to the SEC’s advisory, of the 300,000 SolarWinds customers, 33,000 leverage Orion, out of which 18,000 were affected.

Presently, SolarWinds customers in the U.S. government include U.S. Cyber Command, the FBI, the Department of Defense, Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security, etc.

Microsoft is also investigating the attack vector, apparently caused by compromised emails. SolarWinds uses Microsoft Office 365 for its email and office productivity tools.

As of now, the scope of the attacks or the whole operation remains unclear. APT29 was also behind the White House and State Department email hacks in 2014. FireEye CEO Kevin Mandia wrote in a blog post, “The campaign demonstrates top-tier operational tradecraft and resourcing consistent with state-sponsored threat actors.”

The countermeasures for the malware, dubbed SUNBURST, are available here. Meanwhile, FireEye, Microsoft, the FBI, and others are probing the matter. The FBI, CISA, and the Office of the Director of National Intelligence (ODNI) have also “formed a Cyber Unified Coordination Group (UCG) to coordinate a whole-of-government response to this significant cyber incident. The UCG is intended to unify the individual efforts of these agencies as they focus on their separate responsibilities.”