Government and private sector organizations around the world are reeling from the discovery of one of the largest and most consequential cyber intrusions in recent history, with ramifications that extend into geopolitics, espionage and national security.
According to SolarWinds, a company whose network-management software is used by large companies and numerous government agencies, and to Microsoft, the cybersecurity firm FireEye, and the DHS Cybersecurity and Infrastructure Security Agency (CISA), the attackers compromised a SolarWinds server and inserted malicious code into legitimate SolarWinds Orion software updates, which were then pushed out to nearly 18,000 customers around the globe. Receiving the trojanized update did not by itself mean an organization was actively targeted; the attackers used the implanted backdoor to select a much smaller set of victims for follow-on intrusion, which is why the damage assessment is still under way.
Perhaps most disturbing is that the updates carrying the malicious code were distributed between March and June of this year, just as America was locking down and implementing work-from-home protocols to weather the first wave of the pandemic. Further, the operation was not detected by SolarWinds or by any of the affected agencies; it came to light only when FireEye investigated an intrusion into its own network and traced it back to the Orion updates. This left the attackers with months of unnoticed access to compromised systems.
The attackers have reportedly used that access to carry out intrusions at the DHS, the DoD, the U.S. Treasury, the Department of Commerce, the Department of State, the National Institutes of Health, the Department of Energy, the National Nuclear Security Administration and others. In addition, the great majority of Fortune 500 companies, including numerous defense contractors, use SolarWinds products to monitor their networks.
Twice this week AlertsUSA subscribers have been notified of new warning messages issued by the DHS Cybersecurity and Infrastructure Security Agency regarding this historic breach.
Quoting from the DHS/CISA alert (AA20-352A) issued Thursday:
- "CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated."
- "CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments, as well as critical infrastructure entities and other private sector organizations."
- "This is a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks."
- "This threat actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations."
The FBI, DHS and the Office of the Director of National Intelligence (ODNI) warn that this is a significant and ongoing cybersecurity attack and have formed a Cyber Unified Coordination Group (UCG) to manage a whole-of-government response to the incident.
Readers are cautioned that while many fingers are being pointed at the government of Russia as the party behind this attack, no official attribution has yet been issued, and other voices in the national security community warn that China could in fact be responsible.
Late Friday, a bipartisan group of lawmakers called on the President to act. According to Florida Senator Marco Rubio:
“But it’s crucial we have complete certainty about who is behind this,” Rubio said. “We can’t afford to be wrong on attribution, because America must retaliate, and not just with sanctions.”
AlertsUSA continues to monitor the domestic and international threat environment around the clock and will immediately notify service subscribers, via SMS messages to their mobile devices, of new alerts, warnings and advisories, or of any developments that signal a change in the overall threat picture for American citizens, as events warrant.