US government, thousands of businesses now thought to have been affected by SolarWinds security attack
Orion software updates were used to deploy the Sunburst malware, leading to massive supply chain attack
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Thousands of businesses and several branches of theUS governmentare now thought to have been affected by the attack on software firm SolarWinds.
The Austin-based company has fallen victim to a massive supply chain attack believed to be the work of state-sponsored hackers.
Along with the US treasury and commerce departments, the Department of Homeland Security is now thought to have been affected by the attack. In a statement to the SEC today, SolarWinds said it had notified 33,000 customers of its recent hack, but that only 18,000 of these used the affected version of its Orion platform.
The breach was uncovered by researchers at cybersecurity firmFireEye, which was in the process of investigatinga huge cyberattackagainst its own systems.
According to FireEye, the attackers breached the software provider and then deployed updates for Solarwinds' Orion software that were filled with malware in order to infect the networks of organizations as well as multiple government agencies in the US.
While sources that spoke with theWashington Postcredited the Russian-based hacking group APT29 or Cozy Bear with the attack, FireEye instead gave the group the code name of UNC2452 until it could be proven thatAPT29really was responsible.
Microsoftalso confirmed that SolarWinds had fallen victim to a cyberattack in a series of security alerts privately sent out to its customers on Sunday.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Using updates to deploy malware
In asecurity advisorysent out late on Sunday, SolarWinds admitted that its Orion software platform was breached in a targeted attack, saying:
“SolarWinds has just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds Orion Platform software builds for versions 2019.4 HF 5 and 2020.2 with no hotfix or 2020.2 HF 1. We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack.”
FirEye has named the malware deployed in SolarWinds' Orion updates Sunburst while Microsoft has given it the name Solorigate and added detection rules to itsantivirus software. The cybersecurity firm also published atechnical reportas well as a set ofdetection ruleson GitHub.
SolarWinds plans to release a new update (2020.2.1 HF 2) on Tuesday that “replaces the compromised component and provides several additional security enhancements”.
ViaZDNet
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
Anker Nebula Mars 3 review: A powerful and truly portable projector
