News that some US government departments were hacked has been confirmed, and the hackers have been identified as Russian.
It’s now known that the State Department, the Department of Homeland Security and parts of the Pentagon have been compromised, although the full extent of the breach is not yet known.
Officials only became aware of the attack when cybersecurity company FireEye reported that hackers had evaded its defences, and it was then discovered that legitimate SolarWinds software had been compromised and used to launch the attack.
It has emerged that about 18 000 users – including government users – downloaded the software that had been infiltrated.
SolarWinds users include the Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies.
Using the software does not necessarily mean that networks have been compromised and information stolen, and investigators are still working to determine the scope of the breach and what damage has been suffered.
It appears that the hackers embedded malicious code in SolarWinds’ Orion software.
The company estimates that around 16 000 users may have downloaded the compromised update, and that the hackers would have exploited only what they considered the most valuable targets.
However, this may not be the only entry point into the networks.
This type of supply chain attack hides malicious code in the body of legitimate software updates provided to targets by third parties.
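The defensive counterpart to the attack described above is update-integrity verification on the receiving side: the consumer checks that every file in an update matches a manifest of digests that the vendor has authenticated. The Python below is an added illustration written for this article, not code from SolarWinds, CISA or any vendor; the vendor key, file names and file contents are constructed, and an HMAC stands in for the vendor's asymmetric code-signing key. It catches a file altered on the distribution path, a file the vendor never shipped, or a forged manifest. The caveat that matters for this story: it cannot catch malicious code inserted before the vendor signed, which is why the response to this incident centred on reviewing indicators of compromise and disconnecting the product rather than on re-checking signatures.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the vendor's signing key (a real vendor would use
# an asymmetric key pair and distribute only the public half).
VENDOR_KEY = b"constructed-vendor-signing-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical_bytes(manifest: dict) -> bytes:
    # Deterministic encoding so vendor and consumer authenticate identical bytes.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def publish_update(files: dict, key: bytes) -> tuple:
    """Vendor side: build a manifest of per-file digests and authenticate it."""
    manifest = {"files": {name: sha256_hex(blob) for name, blob in files.items()}}
    tag = hmac.new(key, canonical_bytes(manifest), hashlib.sha256).hexdigest()
    return manifest, tag


def verify_update(files: dict, manifest: dict, tag: str, key: bytes) -> list:
    """Consumer side: return a list of problems; an empty list means the
    received files match what the vendor authenticated."""
    problems = []
    expected_tag = hmac.new(key, canonical_bytes(manifest), hashlib.sha256).hexdigest()
    # Authenticate the manifest first; an unauthenticated manifest proves nothing.
    if not hmac.compare_digest(expected_tag, tag):
        problems.append("manifest authentication failed")
        return problems
    expected = manifest["files"]
    for name in sorted(set(expected) | set(files)):
        if name not in files:
            problems.append(f"missing file: {name}")
        elif name not in expected:
            # A file the vendor never listed is exactly what a supply-chain
            # implant dropped after signing would look like.
            problems.append(f"unexpected file: {name}")
        elif not hmac.compare_digest(sha256_hex(files[name]), expected[name]):
            problems.append(f"digest mismatch: {name}")
    return problems


def demo() -> dict:
    """Run the three scenarios on constructed sample files and return the findings."""
    # Constructed update contents; names and bytes are illustrative only.
    shipped = {"agent.dll": b"legitimate agent build", "installer.msi": b"installer"}
    manifest, tag = publish_update(shipped, VENDOR_KEY)

    # 1. Untouched update: verifies cleanly.
    clean = verify_update(shipped, manifest, tag, VENDOR_KEY)

    # 2. A file modified after signing (e.g. on a mirror): digest mismatch.
    tampered = dict(shipped)
    tampered["agent.dll"] = b"legitimate agent build" + b" + constructed implant"
    modified = verify_update(tampered, manifest, tag, VENDOR_KEY)

    # 3. Manifest forged by someone without the vendor key: rejected outright.
    forged_manifest = {"files": {name: sha256_hex(blob) for name, blob in tampered.items()}}
    forged = verify_update(tampered, forged_manifest, "00" * 32, VENDOR_KEY)

    return {"clean": clean, "modified": modified, "forged": forged}


if __name__ == "__main__":
    for scenario, findings in demo().items():
        print(f"{scenario}: {findings or 'OK'}")
```

`demo()` returns the findings rather than only printing them so the logic can be exercised from a test. Note what is not in the list of problems: an update whose malicious file was already present when the vendor computed the manifest passes every check here, because the vendor's own build output is the trust anchor.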
Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive calling on all federal civilian agencies to review their networks for indicators of compromise and to disconnect or power down SolarWinds Orion products immediately.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” says CISA acting director Brandon Wales.