The US is the subject of another cyber attack.
Hackers believed to be working for a nation state have had access to federal networks since March, after exploiting a vulnerability in the update process for IT group SolarWinds's Orion software.
SolarWinds, an IT monitoring and management firm, counts many federal agencies as customers, along with the vast majority of U.S. Fortune 500 companies. Orion is the company's network management product.
Sometime in February, hackers working for the Russian SVR, formerly the KGB, broke into SolarWinds and slipped a backdoored patch into an Orion software update. Users who downloaded and installed that corrupted update between March and June unwittingly gave SVR hackers access to their networks.
This appears to be a supply-chain attack: rather than going after the federal agencies directly, the attackers targeted a single member of an otherwise secured supply chain, a firm that was readily accessible, or at least far more lax about cyber security than its federal customers.
In a fashion similar to the NSA's famous master boot record malware, the hackers established persistent access that remains even after the initial vulnerability in the February update is fixed. The attackers now have free movement within the network, allowing them to target additional systems and accounts and then exfiltrate data to a server of their own.
The hack compromised multiple branches of the Pentagon, the US Treasury Department, the US Department of Commerce's National Telecommunications and Information Administration (NTIA), the Department of Health's National Institutes of Health (NIH), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security (DHS), the US Department of State, the National Nuclear Security Administration (NNSA), the US Department of Energy (DOE), and the City of Austin's entire security network.
Experts say these breaches are expected to get worse.
The Energy Department's National Nuclear Security Administration, which is tasked with maintaining the nation's nuclear weapons stockpile, was also compromised.
Mark Montgomery, of the Foundation for Defense of Democracies, blamed these attacks on the fact that many countries feel they can act without incurring a U.S. response. He went on to compare the state of U.S. cyber defenses to the unprepared state of U.S. health care systems at the beginning of 2020.
This marks the second major security breach of US systems in the last decade, the first being the infamous OPM hack of 2015, when the Office of Personnel Management was breached by Chinese hackers and the records of 22 million American citizens were compromised.
B1 Daily will continue to provide breaking news on the SolarWinds hack.
-Terrence Dorner, B1Daily