National security adviser Robert O’Brien cut short his foreign trip and returned to Washington, D.C., in a clear sign of the seriousness of the major hack that hit dozens of institutions and governmental and non-governmental entities two days ago.
The latest hack is widely believed to be one of the most damaging in recent years, although it is still unclear how large the losses are or how significant the information that may have been accessed, copied or corrupted is.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive ordering all federal agencies to immediately disconnect or power down their SolarWinds Orion systems as soon as information about the breach was received, confirming the seriousness of the hack.
The Wall Street Journal reported that the hackers planted malicious code in software of the company, whose network-management products are used by customers that include highly sensitive federal agencies.
Russian government hackers are widely believed to be responsible for breaching the computer systems of several US entities; Russia denies the accusations.
Most press reports about the recent attacks point to compromised software provided by SolarWinds, a company headquartered in Austin, Texas.
The company provides extensive services to the federal government, including various departments, agencies and research institutes, and provides the same services to thousands of major U.S. companies. One of the most important products SolarWinds provides to these customers is “Orion”, a platform for monitoring and managing their computer networks.
SolarWinds said it has about 300,000 customers, but confirmed that fewer than 18,000 of them were running the Orion software through which the hack took place.
Speaking on US public radio, Glenn Gerstell, who served as general counsel of the NSA from 2015 to 2020, said it was like “you wake up one morning and suddenly realize that a thief has been constantly in and out of your house for the past six months.”
Gerstell added that after the hacking incident, the US security services “should go back and look in every room to see what was stolen, what was touched or copied, or what was left, and of course, this is just a terrifying idea,” noting that the hackers were careful not to leave traces behind.
Photo caption: The latest hack comes amid a long list of cyber attacks attributed to Russia (Reuters)
According to the information available so far, the list of US entities affected includes the Department of Commerce, the Department of Homeland Security, the Pentagon, the Treasury Department, the US Postal Service, the National Institutes of Health, the Secret Service tasked with protecting the US president, as well as the Federal Reserve, the defense contractor Lockheed Martin, and the National Security Agency.
The latest hack joins a long list of cyber attacks attributed to Russia; US intelligence accuses Russia of using hackers and other means to influence the 2016 presidential election. US national security agencies have succeeded in preventing Russia from interfering in this year’s elections.
How big is the breach?
Microsoft says current efforts focus on establishing the size and nature of the hack, which will help reveal the extent of losses to the affected companies and agencies; many of the companies hit by the attack are doing the same.
Various government agencies are also conducting their own investigations into the hack, but none has yet disclosed details.
How dangerous is the breach?
Gerstell says the biggest challenge now stems from the fact that “it’s not clear what the hackers did after accessing US systems and networks.”
“This is not a question of someone manipulating software to open dams or turn off electrical grids; it is not even clear what the purpose of the attack is, and whether it aims to steal intellectual property and scientific secrets in the same way that China has stolen, for example, everything from solar panel patents to methods of manufacturing fighter aircraft,” he adds.
He said the intrusion could simply be a case of espionage from a government trying to understand what its opponent is doing.
What is the position of the entities whose networks have been hacked?
SolarWinds
“We were informed that this incident was most likely the result of a highly sophisticated and targeted attack by an external state, but we did not independently verify the identity of the attacker,” SolarWinds said.
“We have been alerted that the perpetrator of the attack is targeting our emails and other files that we use, all of which fall within Microsoft Office 365 packages,” the company said in a statement.
The company confirmed it is working with Microsoft to determine whether any customer data has been accessed, but added that, so far, it had found no evidence that data had been stolen.
Photo caption: FireEye reported that a highly sophisticated state-sponsored adversary stole the tools of its cyber security team (social media)
The cybersecurity company reported that a highly sophisticated state-sponsored adversary stole the tools of its red team, the team that simulates attackers to test for security weaknesses in its customers’ computer networks; its customer list includes many government entities.
The company said it is working with the FBI and Microsoft, and that its analysis indicates this hack was not a self-spreading operation but a deliberately executed one that required careful planning and significant human interaction.
Microsoft said its experts believe that “what has been nation-state activity at significant scale, targeting both the government and the private sector”, adding that it had shared some details of the threats it observed over the past few weeks.
Microsoft added that a tampered update to the company’s SolarWinds software gave the hackers a foothold in their targets’ computer networks, which an attacker can use to reach other, more valuable data.
It noted that Microsoft’s security software, known as Defender, can now detect the files used in the hack.
The company praised other companies for being open and transparent in disclosing hacking attacks, saying it would help others strengthen their security. As for Microsoft itself, the company said that so far it has not “found evidence of a successful attack