Thursday, February 29, 2024

Hackers used little-known IT vendor to attack US agencies

At the epicenter of the most extensive cyber attack in recent memory is a two-decade-old Austin, Texas-based software maker called SolarWinds. Little known outside of tech circles, its client list includes all branches of the U.S. military and four-fifths of the Fortune 500.

Many of those customers were exposed to the attack because suspected Russian hackers inserted malicious code into a popular SolarWinds product designed to give users an overview of the diverse web of applications that run their operations.

In a filing with the U.S. Securities and Exchange Commission on Monday, SolarWinds said it believed its monitoring products could have been used to compromise the servers of 18,000 of its customers. Those customers include government agencies around the world and some of the world’s largest corporations.

The company “has been made aware of a cyber attack that inserted a vulnerability within its Orion monitoring products which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run,” according to the filing. “SolarWinds has been informed that this incident was likely the result of a very sophisticated, targeted and manual supply chain attack by an outside nation state.”

SolarWinds shares fell 6% early Tuesday. The stock fell 17% on Monday, its worst drop since the company went public in October 2018. The company said it sent mitigation steps to affected customers and provided an additional “fix” update on December 15.

APT 29, a hacking group linked to the Russian government, is suspected of being behind the breach. The Commerce Department was breached, as were the Homeland Security and Treasury departments, Reuters reported.

The global hacking campaign also included the December 8 cyberattack on cybersecurity firm FireEye.

The Russian embassy has denied any involvement in the hacking, claiming that Russia “does not conduct offensive operations in the cyber domain”.

Governments and businesses are now rushing to figure out how such a security disaster materialized, and how an obscure company founded by two brothers in the 1990s now appears to be at the heart of what is potentially a major Russian state intelligence operation.

According to its website, SolarWinds has more than 300,000 customers, and outside the United States it has landed contracts with the UK’s National Health Service, the European Parliament and NATO.

The company was founded in Tulsa over two decades ago by brothers David Yonce and Donald Yonce after hearing friends “complain about a specific long list of frustrations in running their infrastructure,” according to a January item on the company’s website. “They were part of the same perpetual discussion that we all share in the tech arena: ‘Why can’t someone just make a tool that X?!’ The difference was that they had decided to do something about it.”

SolarWinds serves the network monitoring needs for government agencies and private sector companies, marketing itself on its LinkedIn page as “Everybody’s IT”. SolarWinds has removed its web page that details its US government and private sector customers.

Its Orion product is a powerful monitoring tool that lets IT administrators see at a glance the state of an organization’s network. Because Orion collects information from across the entire network, it also holds privileged access to sensitive parts of it, and that combination of broad reach and standing credentials is what makes a compromised monitoring server such a valuable foothold.

“It gives you visibility into our entire network and allows you to react quickly when a server or router goes down,” said Ben Johnson, CTO of Obsidian Security. “But if you try to do global systems and traffic monitoring, it has very reliable access.”

Barely a household name, SolarWinds is the third-largest maker of IT operations software, behind Splunk Inc. and International Business Machines Corp., according to data from Gartner Inc. SolarWinds’ other main competitors are Cisco Systems Inc. and Microsoft Corp.

Hackers penetrated Orion’s update system and introduced malicious code disguised as legitimate Orion updates, according to blog posts from FireEye and Microsoft Corp. The malicious code was present in updates released between March and June, the company said. The backdoor built into the update even stored the data it collected inside Orion’s own files to evade detection, according to FireEye. The result was that the hackers could move around a company’s network while their activity appeared to be legitimate Orion traffic.

As of noon on Monday, the malicious update was still available for download from the SolarWinds website, according to Karim Hijazi, founder and CEO of Prevailion Inc., a Maryland-based cybersecurity company. Hijazi said his team compared the available download against the indicators in security alerts identifying the tampered update, and it was an exact match.

This appears to contradict a statement the company made earlier in the day that Orion products downloaded after June did not contain the vulnerability. When asked about the continued availability of the malicious file, SolarWinds denied the claim and referred a Bloomberg reporter to its statement to the SEC. After the email exchange, the web page that had hosted the malicious update was taken down, Prevailion said. It now returns “Not Found”.
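The comparison Prevailion describes, matching a downloaded installer against the hashes published in security alerts, is the check any Orion customer would want to run on the files sitting in their own download folders and on what the vendor site is serving. The script below is an added example, not code from the article, SolarWinds, FireEye or Prevailion. The two sample payloads and every hash derived from them are constructed stand-ins; in practice the indicator lists come straight from the advisory or a threat-intelligence feed. Note the limit of the technique: hash matching only catches the specific builds already named as tampered, so an "unknown" verdict is not a clean bill of health.

```python
"""Check downloaded installers against published hash indicators.

Added example, not the article's or any vendor's code. SAMPLE_BAD,
SAMPLE_GOOD and the indicator sets built from them are constructed.
"""
import hashlib
from pathlib import Path

# Constructed stand-ins: an installer an advisory flagged as tampered,
# and the clean build the vendor lists as known good.
SAMPLE_BAD = b"OrionInstaller-TAMPERED-constructed-sample"
SAMPLE_GOOD = b"OrionInstaller-CLEAN-constructed-sample"


def digests(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the payload; advisories publish any of the three."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def normalize(iocs) -> set:
    """Lower-case and strip so case or whitespace differences in a feed do not cause misses."""
    return {h.strip().lower() for h in iocs if h and h.strip()}


# Indicator sets derived from the constructed samples so the example runs
# offline; real ones are copied from the advisory text.
KNOWN_BAD = normalize(digests(SAMPLE_BAD).values())
KNOWN_GOOD = normalize({digests(SAMPLE_GOOD)["sha256"]})


def classify_bytes(data: bytes, known_bad=KNOWN_BAD, known_good=KNOWN_GOOD) -> tuple:
    """Return (verdict, matched_hash). A known-bad match wins over a known-good one."""
    hashes = digests(data)
    for algo, h in hashes.items():
        if h in known_bad:
            return ("known-bad", f"{algo}:{h}")
    if hashes["sha256"] in known_good:
        return ("known-good", f"sha256:{hashes['sha256']}")
    # Not in either list: unverified, not proven clean.
    return ("unknown", f"sha256:{hashes['sha256']}")


def scan_files(paths, known_bad=KNOWN_BAD, known_good=KNOWN_GOOD) -> dict:
    """Classify each file on disk; unreadable paths are reported, not silently skipped."""
    results = {}
    for p in map(Path, paths):
        try:
            results[str(p)] = classify_bytes(p.read_bytes(), known_bad, known_good)
        except OSError as exc:
            results[str(p)] = ("error", str(exc))
    return results


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as d:
        bad = Path(d, "Orion-bad.msp")
        good = Path(d, "Orion-good.msp")
        bad.write_bytes(SAMPLE_BAD)
        good.write_bytes(SAMPLE_GOOD)
        for path, (verdict, detail) in scan_files([bad, good, Path(d, "missing.msp")]).items():
            print(f"{verdict:10} {path}  {detail}")
```

Run it against the installers actually present on the Orion server and in the download cache rather than against a fresh copy alone; the point of the comparison in the article was that the file the vendor was still serving matched the indicators, and the same check on what was installed months earlier is what tells an organization whether it was running the tampered build.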

The number of victims is likely to increase as businesses and governments comb through their computer systems for traces of hackers.

“The victims included government, consultancy, technology, telecommunications and mining entities in North America, Europe, Asia and the Middle East,” according to FireEye. “We expect there will be additional victims in other countries and verticals.”

The extent of the damage from the hacking campaign is still unknown. The hackers likely prioritized the most valuable intelligence targets first, meaning they would not have had time to penetrate all of SolarWinds’ customers. “Once you’re found out, that’s where you start to shoot whatever you can,” Johnson said. “It’s gonna be a crazy week.”
