Tag Archive for: hack

SolarWinds Hack Could Affect 18K Customers — Krebs on Security

/in


The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affected, as it recently took possession of a key domain name used by the intruders to control infected systems.

On Dec. 13, SolarWinds acknowledged that hackers had inserted malware into a service that provided software updates for its Orion platform, a suite of products broadly used across the U.S. federal government and Fortune 500 firms to monitor the health of their IT networks.

In a Dec. 14 filing with the U.S. Securities and Exchange Commission (SEC), SolarWinds said roughly 33,000 of its more than 300,000 customers were Orion customers, and that fewer than 18,000 customers may have had an installation of the Orion product that contained the malicious code. SolarWinds said the intrusion also compromised its Microsoft Office 365 accounts.

The initial breach disclosure from SolarWinds came five days after cybersecurity incident response firm FireEye announced it had suffered an intrusion that resulted in the theft of some 300 proprietary software tools the company provides to clients to help secure their IT operations.

On Dec. 13, FireEye published a detailed writeup on the malware infrastructure used in the SolarWinds compromise, presenting evidence that the Orion software was first compromised back in March 2020. FireEye didn’t explicitly say its own intrusion was the result of the SolarWinds hack, but the company confirmed as much to KrebsOnSecurity earlier today.

Also on Dec. 13, news broke that the SolarWinds hack resulted in attackers reading the email communications at the U.S. Treasury and Commerce departments.

On Dec. 14, Reuters reported the SolarWinds intrusion also had been used to infiltrate computer networks at the U.S. Department of Homeland Security (DHS). That disclosure came less than 24 hours after DHS’s Cybersecurity and Infrastructure Security Agency (CISA) took the unusual step of issuing an emergency directive ordering all federal agencies to…

Source…

U.S. Homeland Security and businesses respond to suspected Russian hack

/in


(Reuters) — The U.S. Department of Homeland Security and thousands of businesses scrambled Monday to investigate and respond to a sweeping hacking campaign that officials suspect was directed by the Russian government.

Emails sent by officials at DHS, which oversees border security and defense against hacking, were monitored by the hackers as part of the sophisticated series of breaches, three people familiar with the matter told Reuters Monday.

The attacks, first revealed by Reuters Sunday, also hit the U.S. departments of Treasury and Commerce. Parts of the Defense Department were breached, the New York Times reported late Monday night, while the Washington Post reported that the State Department and National Institutes of Health were hacked. Neither of them commented to Reuters.

“For operational security reasons, the DoD will not comment on specific mitigation measures or specify systems that may have been impacted,” a Pentagon spokesperson said.

Technology company SolarWinds, which was the key steppingstone used by the hackers, said up to 18,000 of its customers had downloaded a compromised software update that allowed hackers to spy unnoticed on businesses and agencies for almost nine months.

The United States issued an emergency warning on Sunday, ordering government users to disconnect SolarWinds software that it said had been compromised by “malicious actors.”

That warning came after Reuters reported suspected Russian hackers had used hijacked SolarWinds software updates to break into multiple U.S government agencies. Moscow denied having any connection to the attacks.

One of the people familiar with the hacking campaign said the critical network that DHS’ cybersecurity division uses to protect infrastructure, including the recent elections, had not been breached.

DHS said it was aware of the reports, without directly confirming them or saying how badly it was affected.

DHS is a massive bureaucracy responsible for securing distribution of the COVID-19 vaccine, among other things.

The cybersecurity unit there, known as CISA, has been upended by U.S. President Donald Trump’s firing of head Chris Krebs after Krebs called the recent presidential election…

Source…

U.S. agencies, companies secure networks after huge SolarWinds hack – Boston Herald

/in


U.S. government agencies and private companies rushed Monday to secure their computer networks following the disclosure of a sophisticated and long-running cyber-espionage intrusion that experts said almost certainly was carried out by a foreign state.

It was not yet clear who was responsible for the intrusion, though it was reportedly conducted by Russia, and the extent of the damage is not yet known. The potential threat was significant enough that the Department of Homeland Security’s cybersecurity unit directed all federal agencies to remove compromised network management software and thousands of companies were expected to do the same.

What was striking about the operation was its potential scope as well as the manner in which the perpetrators managed to pierce cyber defenses and gain access to email and internal files at the Treasury and Commerce departments and potentially elsewhere. It was stark evidence of the vulnerability of even supposedly secure government networks, even after well-known previous attacks.

“It’s a reminder that offense is easier than defense and we still have a lot of work to do,” said Suzanne Spaulding, a former U.S. cybersecurity official who is now a senior adviser to the Center for Strategic and International Studies.

The campaign came to light when a prominent cybersecurity company, FireEye, learned it had been breached. FireEye would not say who it suspected, though many experts quickly suspected Russia given the level of skill involved, and alerted that foreign governments and major corporations were also compromised.

U.S. authorities acknowledged that federal agencies were part of the breach on Sunday, providing few details. The Cybersecurity and Infrastructure Security Agency, known as CISA, said in an unusual directive that the widely used network software SolarWinds had been compromised and should be removed from any system using it.

The national cybersecurity agencies of Britain and Ireland issued similar alerts.

SolarWinds is used by hundreds of thousands of organizations around the world, including most Fortune 500 companies and multiple U.S. federal agencies. The perpetrators were able to embed malware in a security update…

Source…

Government agencies, private companies secure networks, begin to assess damage from massive hack

/in


WASHINGTON — U.S. government agencies and private companies rushed Monday to secure their computer networks following the disclosure of a sophisticated and long-running cyber-espionage intrusion that experts said almost certainly was carried out by a foreign state.

It was not yet clear who was responsible for the intrusion, though it was reportedly conducted by Russia, and the extent of the damage is not yet known. The potential threat was significant enough that the Department of Homeland Security’s cybersecurity unit directed all federal agencies to remove compromised network management software and thousands of companies were expected to do the same.

What was striking about the operation was its potential scope as well as the manner in which the perpetrators managed to pierce cyber defenses and gain access to email and internal files at the Treasury and Commerce departments and potentially elsewhere. It was stark evidence of the vulnerability of even supposedly secure government networks, even after well-known previous attacks.

“It’s a reminder that offense is easier than defense and we still have a lot of work to do,” said Suzanne Spaulding, a former U.S. cybersecurity official who is now a senior adviser to the Center for Strategic and International Studies.

The campaign came to light when a prominent cybersecurity firm, FireEye, learned it had been breached. FireEye
FEYE,
-1.16%
would not say who it suspected, though many experts quickly suspected Russia given the level of skill involved, and alerted that foreign governments and major corporations were also compromised.

U.S. authorities acknowledged that federal agencies were part of the breach on Sunday, providing few details. The Cybersecurity and Infrastructure Security Agency, known as CISA, said in an unusual directive that the widely used network software SolarWinds had been compromised and should be removed from any system using it.

The national cybersecurity agencies of Britain and Ireland issued similar alerts.

SolarWinds
SWI,
-16.69%
is used by hundreds of thousands of organizations around the world, including most Fortune 500 companies and multiple…

Source…