U.S. officials have revealed that Microsoft was included in the massive breach, but people familiar with the matter warned that it could be just the tip of the iceberg. The incidents affecting Microsoft and the software company SolarWinds Corp. may be only part of a software supply chain attack that has been going on for months.
According to Reuters, the malware planted in SolarWinds' Orion IT products is believed to have found its way into U.S. government agencies such as the Defense and Energy Departments, including the National Nuclear Security Administration (NNSA), which manages the U.S. nuclear weapons stockpile.
Microsoft used SolarWinds Corp.'s network management software, which suspected Russian hackers used to infiltrate U.S. agencies and companies. The attackers also used Microsoft products to further their attacks on others, although the Redmond, Washington-based tech giant has not yet confirmed how many users were affected by these compromised products.
Hackers removed evidence of Microsoft, SolarWinds hacking
The Department of Homeland Security (DHS) is still investigating the attacks, although it has revealed that the attackers used several methods to infiltrate systems. DHS's Cybersecurity and Infrastructure Security Agency (CISA) said in an alert released on December 17 that the "SolarWinds Orion supply chain is not the only initial infection vector" the advanced persistent threat (APT) actor has used. The alert also noted that the intruders used techniques other than compromising the SolarWinds software updates, which are used by thousands of government agencies and private companies.
Security firm FireEye was the first to discover the intrusion and reported it to CISA. FireEye and CISA have released indicators that organizations can use to check whether they have been hit. However, the attackers were very careful to delete logs and other electronic footprints, which makes it difficult to determine which files were accessed or taken.
Investigators initially feared that the attackers may have created false data, but it appears they were only interested in accessing actual data. Meanwhile, some companies have already issued statements that there is "no evidence" the attack penetrated their systems. However, this may be true only because the hackers already removed the evidence.
The biggest hack of the decade
Initially, about 18,000 Orion customers downloaded the newest versions of the SolarWinds software, which contained a back door. Some have called the incident the biggest hack in a decade because it directly targeted a software supplier.
While software companies have already severed the link between those back doors and the hackers' servers, it is also possible that the attackers installed other means of keeping their access. Thus, officials said security teams should use out-of-band channels for communication so that the hackers cannot learn of their detection and intervention actions.
Two Reuters sources revealed that government offices such as the FBI, the Justice Department, and the Defense Department are now using classified networks for routine communication, as unclassified networks are believed to have also been compromised.
President-elect Joe Biden said in a statement that he would "elevate cybersecurity as an imperative across the government" to deter such major hacks. Meanwhile, members of Congress demanded more information about the attacks; they will receive a classified briefing on December 18 from the FBI and other agencies.
Among the hacked government agencies are the U.S. Energy Department and the National Nuclear Security Administration (NNSA), which oversees the country's nuclear weapons. However, an Energy Department spokesperson said the malware "has been isolated to business networks only" and did not affect U.S. national security functions, including those of the NNSA.
However, CISA urged investigators to be extra careful and not to assume that organizations that did not install the SolarWinds software updates are safe. CISA also noted that not all networks the hackers gained access to were actually exploited. So far, it is known that the attackers at least monitored the email systems and other data of the Departments of Homeland Security, Defense, State, Commerce, and Treasury, but CISA continues to analyze other avenues the attackers may have used.
Related article: SolarWinds Breach: FireEye Discovers More than 25 Firms Compromised
This is owned by Tech Times
Written by CJ Robles