Multiple agencies in the USA have been hacked by a group of foreign-state bad actors tied to Russia. The affected government agencies include the U.S. Treasury, Commerce departments, and possibly many U.S. entities.
According to a story published by Reuters, hackers have been monitoring government agencies’ internal emails. The cybercriminals have likely had access to staff emails for months. The attackers have been able to add a malicious code to the software updated provided by SolarWinds, preventing antivirus software from detecting any unusual activities. This allowed the attackers to get unauthorized access to the government-used networks, allowing them to obtain information sent to and from highly privileged accounts.
The government agencies might not be the only compromised organizations in the USA. The attack exploited a vulnerability in the SolarWinds’ Orion platform used by 95% of the USA’s Fortune 500 companies. The company is also used by all major telecommunications companies in the USA. Currently, there isn’t a definitive list of affected government agencies and companies. However, the threat was considered severe enough to cause an emergency meeting at the White House held by the National Security Council during the weekend.
After the meeting, the Department of Homeland Security issued an emergency directive requesting all U.S. federal agencies to disconnect all affected SolarWinds products from the government networks. The security vendor working with the U.S. government SolarWinds issued an advisory saying that the attack was intended to be narrow, extremely targeted, and manually executed.
The attack might have lasted for months and appears to have been executed by a cyber-criminal group very close to the Russian government called Cozy Bear. The hacker group often occurs in the news and was recently linked to attempts to steal coronavirus vaccine research. It is associated with Russia’s multiple intelligence agencies and is also known as Office Monkeys, CozyCar, The Dukes, Cozy Duke, and Grizzly Steppe. According to MSNBC, the hackers made their way into the cybersecurity firm FireEye, where they stole the hacking tools used to test clients’ computer defenses.
Even though that SolarWinds says that this is not a widespread system attack, more entities may reveal that they have been affected by the breach. As this is a developing story, we expect to learn more in the next few days. SolarWinds works with 300,000 organizations from all around the globe.