After confirming being hacked earlier in December, cybersecurity firm FireEye immediately investigated on how cyber criminals were able to break into the company's defenses. The researchers discovered vulnerability from SolarWinds Corp, one of its software providers, which allegedly compromised over 25 entities.
According to Newsweek, Mandiant senior vice president and chief technical officer Charles Carmakal said that they have investigated on 50,000 source code lines, which led to a "backdoor within SolarWinds." Mandiant is incident response arm of FireEye. Carmakal said that as soon as they discovered the backdoor, FireEye immediately contacted SolarWinds and the law enforcement.
SolarWinds Breach: FireEye discovers more than 25 compromised firms
The hackers behind the FireEye attack exploited the vulnerability on a SolarWinds product to embed malware, which then accessed the systems of SolarWinds clients after updating their software. Bloomberg reported that people familiar with the investigations said the SolarWinds breach infected more than 25 entities. However, the Texas-based security company said that the malicious Trojan may have been downloaded by as much as 18,000 entities.
Carmakal said hackers stole sensitive tools that FireEye uses to investigate vulnerabilities on clients' computer systems. While this attack may have tainted the cybersecurity firm, but Carmakal noted that it in fact became a crucial mistake that hackers did.
"If this actor didn't hit FireEye, there is a chance that this campaign could have gone on for much, much longer," Carmakal told Bloomberg. This incident allowed them to know more about the how this hacker works, which they shared with law enforcers, security partners, and intelligence community.
Meanwhile, Carmakal added that is no evidence proves that stolen FireEye tools have been used in accessing systems of U.S. government agencies.
Russian hackers behind the attack
Authorities suspected that the hackers who attacked SolarWinds are part of an elite Russian cybercriminal group. Some people have attributed the attack to APT 29 or Cozy Bear, a state-sponsored Russian group, FireEye has not yet found sufficient evidence to confirm this. Meanwhile, a Russian official already denied the country's involvement on the attack.
It is expected that additional information about the attack may be revealed in the coming days. National Security Advisor Robert O'Brien cut short his trips to Europe and the Middle East to attend to the hack on U.S. government agencies. Connecticut Senator Richard Blumenthal revealed after a classified briefing on the cyberattack has left him "deeply alarmed, in fact downright scared."
Stunning. Today’s classified briefing on Russia’s cyberattack left me deeply alarmed, in fact downright scared. Americans deserve to know what's going on. Declassify what’s known & unknown.— Richard Blumenthal (@SenBlumenthal) December 15, 2020
FireEye wrote in a blog post that the recent attack is part of a global cyberattack campaign by a high-level attacker who previously targeted governments, technology, telecom, extractive, and consulting firms in Asia, Europe, North America, and the Middle East. Unfortunately, more victims are expected to come forward in the near future.
Meanwhile, the Department of Commerce has already confirmed that one of its bureaus have beenhacked while Reuters earlier reported the attacks on the Treasury Department and Department of Homeland Security.
By attacking SolarWinds, the cyber attackers were able to breach the U.S. government systems. Then, hackers compromised the software they used before accessing into their network witout getting flagged by the system security.
This is owned by Tech Times
Written by CJ Robles