SolarWinds Orion breach
7/2/2023

The fallout from the cyberattack on the Texas-based software company appears to be vast, with a slew of powerful U.S. government agencies and businesses seemingly being infected by hackers who are believed to be affiliated with Russia. SolarWinds says it has identified 18,000 customers potentially affected by the incident, which saw the culprits hijack software updates for a widely-used IT monitoring tool called "Orion" to spread malware, seemingly with the intention of espionage. As federal authorities and cybersecurity experts rush to identify the full scope of the SolarWinds compromise, the list of known targets grows.

Mandiant itself got infected with the Orion software on July 28, 2020, the company told WIRED, which would have coincided with the period that the company was helping the DOJ investigate its breach. When asked why, when the company announced the supply-chain hack in December, it didn’t publicly disclose that it had been tracking an incident related to the SolarWinds campaign in a government network months earlier, a spokesperson noted only that “when we went public, we had identified other compromised customers.”

Although the DOJ had notified CISA, a spokesperson for the National Security Agency told WIRED that it didn’t learn of the early DOJ breach until January 2021, when the information was shared in a call among employees of several federal agencies. That was the same month the DOJ, whose 100,000-plus employees span multiple agencies including the FBI, Drug Enforcement Agency, and US Marshals Service, publicly revealed that the hackers behind the SolarWinds campaign had possibly accessed about 3 percent of its Office 365 mailboxes. Six months later, the department expanded on this and announced that the hackers had managed to breach email accounts of employees at 27 US Attorneys' offices, including ones in California, New York, and Washington, DC. In its latter statement, the DOJ said that to “encourage transparency and strengthen homeland resilience,” it wanted to provide new details, including that the hackers were believed to have had access to compromised accounts from about May 7 to December 27, 2020. And the compromised data included “all sent, received, and stored emails and attachments found within those accounts during that time.” There are conflicting reports about whether this attack was part of the SolarWinds campaign or carried out by the same actors. The incident underscores the importance of information-sharing among agencies and industry, something the Biden administration has emphasized.

The investigators of the DOJ incident weren’t the only ones to stumble upon early evidence of the breach. Around the same time as the department’s investigation, security firm Volexity, as the company previously reported, was also investigating a breach at a US think tank and traced it to the organization’s Orion server. Volexity suspected there might be a backdoor on its customer’s server but ended the investigation without finding one. Later in September, the security firm Palo Alto Networks also discovered anomalous activity in connection with its Orion server. Palo Alto Networks contacted SolarWinds, as the DOJ had, but in that case as well, they failed to pinpoint the problem.

Senator Ron Wyden, an Oregon Democrat who has been critical of the government’s failure to prevent and detect the campaign in its early stages, says the revelation illustrates the need for an investigation into how the US government responded to the attacks and missed opportunities to halt it. “Russia’s SolarWinds hacking campaign was only successful because of a series of cascading failures by the US government and its industry partners,” he wrote in an email. “I haven’t seen any evidence that the executive branch has thoroughly investigated and addressed these failures. The federal government urgently needs to get to the bottom of what went wrong so that in the future, backdoors in other software used by the government are promptly discovered and neutralized.”