
A growing number of US government agencies have been targeted in a sophisticated hack. The US Treasury and departments of homeland security, state, defence and commerce were attacked, reports say.

SolarWinds Orion, the computer network tool at the source of the breach, said 18,000 of its 300,000 customers might have been affected.

Many suspect the Russian government is responsible for the attack, but it dismissed the claims as “baseless”.

It is unclear what information has been stolen or exposed in the hack, but the attackers have been monitoring networks since March and were active as recently as Sunday, the Washington Post reports.

The attacks were first revealed by Reuters, which identified breaches at the Treasury and homeland security, the department which manages cyber-security for the US government.

Parts of the defence department were also breached, the New York Times reports, while the Washington Post says that the state department and National Institutes of Health were hacked.

The UK’s intelligence agency GCHQ is currently monitoring the situation and has described the compromises as “serious events”.

A number of UK government departments and other organisations use SolarWinds, but it's unclear if they use Orion.

The list of identified victims is expected to grow as more information about the incident emerges.

What happened?

SolarWinds Orion’s software allows IT staff to remotely access computers on corporate networks.

In a so-called “supply-chain attack”, hackers gained access to SolarWinds Orion and then had access to all of its customers’ networks.

FireEye, a company that provides US government cyber-security, identified the large-scale campaign after it fell victim to the hackers in a separate attack.

The actors manipulated SolarWinds Orion’s software updates to include malware which, once installed, allowed the hackers to monitor its customers’ systems, FireEye said.

“We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack,” SolarWinds said in a statement on its website.

It urged all users of its Orion platform to update their software immediately for security.

FireEye hack

FireEye’s own hacking tools, which are used to carry out fake attacks on its customers, were stolen by the same actors, it said.

It uses these programmes to mimic the behaviour of hackers, investigating the security of different organisations and offering advice on how to protect against vulnerabilities.

Since the discovery, there is evidence that these tools have already been used in 19 countries including the US, UK and Ireland, Raj Samani, chief scientist at leading cyber-security firm McAfee, said.

Source: bbc.com

Author: Ayuure Atafori
