Huge SolarWinds Exploit by Russian Hackers Leads to Massive U.S. Government Data Breach
Russian government hackers have breached the Treasury and Commerce departments along with other U.S. government agencies as part of a massive global espionage campaign that has been under way for months, according to individuals familiar with the events.
Officials were rushing over the weekend to discover the extent of the intrusions and implement countermeasures, but initial signs point to the breach being long-running and significant.
The Russian hackers behind this breach are known as APT29 or Cozy Bear and are part of Russia’s foreign intelligence service. The same group hacked the State Department and the White House email servers during Obama’s presidency.
The FBI is currently investigating the campaign, which may have begun as early as spring. The victims included more than just government agencies. It has also affected consulting, technology, telecom, and oil and gas companies across the globe according to FireEye, which was also breached.
All these organizations were compromised through the same supply-chain route: the software update mechanism of a network management product made by the firm SolarWinds. Customers who installed the weaponized updates unknowingly gave the attackers a foothold inside their networks.
The federal Cybersecurity and Infrastructure Security Agency (CISA) issued an alert Sunday warning of “active exploitation” of the SolarWinds Orion Platform in versions released in March and June. “CISA encourages affected organizations to read the SolarWinds and FireEye advisories for more information and FireEye’s GitHub page for detection countermeasures,” the alert stated.
SolarWinds issued a statement Sunday that said monitoring products it released in March and June of this year may have been weaponized in a “highly-sophisticated, targeted … attack by a nation state”.
The company filed a document with the Securities and Exchange Commission saying that “fewer than 18,000” of its more than 300,000 customers may have installed a software update that enabled the Russian attack. According to the filing, it was not clear how many of those systems were actually compromised. The filing also suggested that Microsoft’s Office 365 email may have been “an attack vector” used by the hackers.
The scale of the Russian espionage operation appears to be very large, according to several individuals investigating the matter. SolarWinds products are used by organizations across the globe, including all five branches of the U.S. military, the Pentagon, the State Department, the Justice Department, NASA, the Executive Office of the President, and the National Security Agency.