Take a Virtual, Interactive Tour 

Cyber Security

  |  
4 Min Read

SolarWinds massive Malware attack now tied to Russia.

The FBI, CISA, ODNI, and the NSA released a statement stating that Russia has orchestrated the SolarWinds attack. It was believed that the hackers were working with a foreign government, but the security agencies have pointed the blame to Russia.

fdzsd-1(Photo by Alexander Ryumin TASS via Getty Images)

 

The background to this attack is due to the software provider SolarWinds was breached and a malware-laced update was deployed on Orion software. Which infected networks across US companies and government entities. Which US Security firm FireEye reported on as many other outlets reported this massive attack.

 

FireEye's own network was even breached as the SolarWinds supply chain attack allowed the hackers to get into their network which around 10 US governmententitieswere breached and around 18,000 Orion customers as well.

 

The SolarWinds supply chain attack is also how hackers gained access to FireEye's own network, which the company disclosed earlier this week.

 

The Washington Post cited sources claiming that multiple other government agencies were also impacted.

Reuters reported that the incident was considered so serious that it led to a rare meeting of the US National Security Council at the White House.

 

Sources speaking with the Washington Post linked the intrusion to APT29, a codename used by the cyber-security industry to describe hackers associated with the Russian Foreign Intelligence Service (SVR).

 

FireEye didn't confirm the APT29 attribution and gave the group a neutral codename of UNC2452, although several sources in the cyber-security community with government entities confirming the APT29 attribution, done by the US government, is most likely correct, based on current evidence.

 

 

In security alerts sent to its customers in private on Sunday, Microsoft also confirmed the SolarWinds compromise and provided countermeasures to customers that may have been affected. 

 

"The campaign is widespread, affecting public and private organizations around the world," FireEye said.

 

"The victims have included government, consulting, technology, telecom, and extractive entities in North America, Europe, Asia, and the Middle East. We anticipate there are additional victims in other countries and verticals," FireEye added.

 

This malware being tied to Russia is a big security concern across the US and its allied countries as it has breach public, private, and government entities across the board. It's gonna be tense to see how this plays out.

Comment

GitHub Wants Your Policy Proposals

In light of the recent leak of Twitch’s source code (over 6,000 private GH repositories) and other information, through a 125GB data torrent over 4chan.org, GitHub (GH) is now stepping up their ...
Picture of Micah Turpin Micah Turpin 4 Min Read

Golang the new standard for malware langauge?

In a recent security report by cybersecurity firm Intezer, they reported that a huge spike of malware strains being coded in Go programming has increased about 2,000% in recent years.

VMware vulnerability leaves about 6,700 servers ripe for the picking.

VMware vCenter servers have been hit in a new attack which left them exposed and vulnerable by the hackers which allowed them to take over any unpatched machine and take over companies' entire ...