Mounting evidence points to the "serious compromise" of SolarWinds' Orion software having been an intelligence gathering operation "likely" run
Get Permission
Reacting to news reports claiming hackers may have used Czech software firm JetBrains’ TeamCity tool as an initial infection vector during the attack against SolarWinds, JetBrains CEO Maxim Shafirov says the company has not been contacted by investigators. But he says customer misconfiguration of TeamCity could have enabled a hack. JetBrains has not taken part or been involved in this attack in any way, the CEO says. He adds, however, that it’s important to stress that TeamCity is a complex product that requires proper configuration. If TeamCity has somehow been used in this [SolarWinds breach] process, it could very well be due to misconfiguration, and not a specific vulnerability.
Get Permission
Mounting evidence points to the serious compromise of SolarWinds Orion software having been an intelligence gathering operation that was likely run by Russia, according to a joint U.S. intelligence assessment. It s the first public attribution to be issued by the Trump administration for the massive supply chain attack against SolarWinds.
The attack campaign compromised systems at thousands of organizations for up to nine months. It was discovered not by the National Security Agency, but rather by FireEye, a private cybersecurity firm based in California that was one of the supply chain attack victims.
Since FireEye on Dec. 13 issued an alert about the attack campaign, government investigators have been scrambling to ascertain what happened and how best to mitigate the damage.
Get Permission
The Cybersecurity and Infrastructure Security Agency has released an emergency directive requiring all federal organizations still running vulnerable SolarWinds Orion software to immediately update to the latest version.
In an update released Wednesday, CISA says the organizations with a vulnerable version of the SolarWinds platform installed must update to version 2020.2.1HF2 by Dec. 31. The National Security Agency has examined this version and verified that it eliminates the previously identified malicious code, CISA says.
The SolarWinds hacking was initially disclosed on Dec. 13 by FireEye, which discovered the supply chain attack. Multiple federal agencies were compromised, including the Commerce and Treasury departments. SolarWinds says that from March through June, it issued Orion software updates that unintentionally included attacker-added backdoors, which FireEye has dubbed Sunburst. The malicious software updates were signed using valid digital sig
This story has been updated.
Dozens of U.S. Treasury Department email accounts were breached as part of the massive SolarWinds supply chain attack, according to a senior Democratic senator. The hack of the Treasury Department appears to be significant, says Sen. Ron Wyden, D-Ore., the top Democrat on the Senate Finance Committee, in a statement. “According to Treasury staff, the agency suffered a serious breach, beginning in July, the full depth of which isn’t known.
He says an investigation into exactly what was accessed or stolen remains ongoing, but that dozens of email accounts were compromised.
Biden s Latest Comments