US Government Agencies are hit in a massive hack following a highly sophisticated attack on SolarWinds’ Orion Network Monitoring products.
SolarWinds’ Orion IT monitoring and management software has been used in a supply chain attack leading to the breach of government agencies and high-profile companies, using malware dubbed SUNBURST or Solorigate.
CISA issued an emergency directive to all federal civilian agencies to disconnect or power down SolarWinds Orion products immediately.
Hackers strike again. This time, they successfully breached and compromised SolarWinds Orion, a suite of network management products widely used across federal civilian agencies.
The Department of Homeland Security’s cybersecurity agency is demanding drastic action from federal agencies after the Department of the Treasury and the Commerce Department’s National Telecommunications and Information Administration (NTIA) were breached in a malicious supply chain attack that used the SolarWinds IT management platform as its delivery channel.
On Sunday night (December 13, 2020), the Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive calling on all federal civilian agencies to review their networks for indicators of compromise and to disconnect or power down SolarWinds Orion products immediately.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
This is the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015. All agencies operating SolarWinds products should provide a completion report to CISA by 12pm Eastern Standard Time on Monday December 14, 2020.
IT infrastructure management vendor SolarWinds disclosed Sunday that it experienced a highly sophisticated, manual supply chain attack on versions of its Orion network monitoring product released between March and June 2020. The company said it had been told the attack was likely conducted by an outside nation state and was intended to be a narrow, extremely targeted, and manually executed attack, though no specific country was named.
A FireEye blog post states that hackers gained access to numerous public and private organizations through trojanized updates to SolarWinds’ Orion software, but didn’t disclose the identity of any of the victims. FireEye said it’s been working closely with SolarWinds, the Federal Bureau of Investigation, and other key partners.
While hackers over the past two years have taken advantage of the tools MSPs rely on to manage customer IT systems, the software compromised in this breach does not appear to be linked to SolarWinds’ MSP business.
The Orion platform supports SolarWinds’ traditional IT infrastructure management business and isn’t connected to the SolarWinds MSP business built through acquisitions in recent years. The company said it isn’t aware of any impact to its remote monitoring and management (RMM), N-Central and associated SolarWinds MSP products from the attack on Orion.
Austin, Texas-based SolarWinds last week named Pulse Secure’s Sudhakar Ramakrishna as its next CEO, and has been examining a spin-out of its MSP tools business for months. SolarWinds said its technology is used by the Pentagon, all five branches of the U.S. military, the State Department, NASA, the NSA, the Postal Service, the National Oceanic and Atmospheric Administration, the Department of Justice, and the Office of the President of the United States.
National Security Council Spokesman John Ullyot said, “The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation.”
FireEye made the shocking disclosure Tuesday that it had suffered a security breach in what is believed to be a state-sponsored attack designed to gain information on some of the firm’s government customers. The attacker was able to access some of FireEye’s internal systems but apparently did not exfiltrate data from the company’s primary systems that store customer information, the threat intelligence vendor said.
The threat actor, however, stole FireEye’s Red Team security assessment tools, and FireEye said it isn’t sure if the attacker plans to use the stolen tools themselves or publicly disclose them. FireEye’s stock has plunged $1.69 (10.9 percent) to $13.83 per share since the hack was disclosed after the market closed Tuesday.
There is concern within the U.S. intelligence community that the hackers who targeted Treasury and the Commerce Department’s National Telecommunications and Information Administration used a similar tool to break into other government agencies, Reuters reported Sunday. The hack is so serious it led to a National Security Council meeting at the White House on Saturday, according to Reuters.
It is unclear exactly what they extracted; the situation is reminiscent of the Chinese hack of the Office of Personnel Management, which went on for a year in 2014 and 2015, with the loss eventually tallied at more than 22 million security-clearance files and more than five million fingerprints.
That turned out to be part of a much broader data-gathering effort by Beijing, which involved theft from the Starwood Hotels division of Marriott, the Anthem insurance database and Equifax, the credit reporting agency.
Some media houses, such as the Washington Post, were quick to attribute the attacks to Russia without presenting evidence. However, given recent covert and overt operations and strained relations with the United States, the involvement of China cannot be ruled out at this moment. Only a detailed investigation report can identify the real hackers.
Points to Ponder
Why are MSM outlets like the Washington Post so quick to name Russia in this hack? Has that attribution been proven by the investigating agencies? Or are the MSM trying to bias the investigation against Russia and divert attention from the actual country responsible, which may well be China given the past history of Chinese hacking attempts on the US?