Five days after FireEye detailed the theft of about 300 of its proprietary cybersecurity tools, SolarWinds announced that its Orion IT monitoring platform had also been compromised by hackers believed to be sponsored by the Russian government. Taken together, the attack that originated with a compromised SolarWinds product handed critical cybersecurity tooling to the malicious actors, along with potential access to the sensitive information of thousands of organizations worldwide. As the cybersecurity world wraps its head around how two top vendors were breached, we examine the organizations involved, the details of the attack, and the implications for the industry and its customers.
The attacks
Earlier this month, the U.S. National Security Agency warned that federal agencies were actively being exploited by “Russian state-sponsored actors.” A week later, FireEye’s prized Red Team hacking tools were stolen by a presumed Russian actor. And now we’ve learned that SolarWinds’ Orion platform ha
SolarWinds supply chain attack explained: Why organisations were not prepared
A group believed to be Russia's Cozy Bear gained access to government and other systems through a compromised update to SolarWinds Orion software. This scenario is not in most threat models.
The recent breach of major cyber security company FireEye by nation-state hackers was part of a much larger attack that was carried out through malicious updates to a popular network monitoring product and impacted major government organisations and companies.
The incident highlights the severe impact software supply chain attacks can have and the unfortunate fact that most organisations are woefully unprepared to prevent and detect such threats.
Russia’s Latest Cyberattack Highlights Moscow’s Boldness
The Russian cyberespionage group is thought to have gained backdoor access to hundreds of entities, including the United States Treasury, Department of Commerce, and Department of Homeland Security, as well as many other private and government organizations.
The Russian Cyber-Bear has roared once again. The notorious Advanced Persistent Threat (APT) 29, or Cozy Bear, seems to have forgone hibernation this winter in order to continue carrying out a months-long, ambitious, and creative supply chain attack against a server management and performance monitoring software company, SolarWinds, that threatens a vast array of entities, both public and private, in the United States and around the world. The incident was so alarming that the National Security Council met at the White House Saturday, and the Cybersecurity and Infrastructure Security Agency (CISA) pushed a rare emergency directive to curtail the damage.
The U.S. Department of Homeland Security, Treasury Department and FireEye are among the most prominent victims affected by the supply chain attack on SolarWinds network monitoring software. But these data breaches are just scratching the surface of one of the most significant foreign hacking incidents in history, one that will have long-lasting repercussions.
SolarWinds estimates that between last March and June, roughly 18,000 user organizations downloaded updates of its Orion software that Russian APT actors allegedly corrupted with Sunburst backdoor malware. That attack allowed the culprits to perform reconnaissance, elevate their privileges, move laterally and steal data.
A hacker group believed to be affiliated with the Russian government gained access to computer systems belonging to multiple US government departments including the US Treasury and Commerce in a long campaign that is believed to have started in March. The news triggered an emergency meeting of the US National Security Council on Saturday.