The Federal Bureau of Investigation (FBI), the Office of the Director of National Intelligence (ODNI), the DHS's Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) have issued a joint statement, approved by the Trump Administration, stating that Russian threat actors are responsible for the supply chain attack on the SolarWinds Orion software.
After the attack, the National Security Council formed a task force known as the Cyber Unified Coordination Group (UCG) with the responsibility of investigating the breach. The task force is composed of CISA, the FBI, and ODNI, with the NSA in a supporting role. The task force is still determining the full extent of the data security incident, but has reported that an Advanced Persistent Threat (APT) actor, likely of Russian origin, conducted the attack.
There is considerable evidence indicating that the compromise of the SolarWinds software was part of an intelligence-gathering operation conducted by Russia. Although various media outlets had previously reported the breach as being led by Russia, the first official public attribution from the Trump administration came from Secretary of State Mike Pompeo and former Attorney General Bill Barr. President Trump, who had recently suggested that China could have been involved, has yet to comment on the attribution to Russia. Russia has once again denied any involvement in the attack.
The attackers compromised the software update mechanism of the SolarWinds Orion software and inserted a backdoor, referred to as Sunburst/Solarigate, to gain remote access to the systems of organizations that installed the compromised software update. The investigation confirmed that the activity had been ongoing for 9 months and that the systems of many entities were affected. The attackers then selected targets of interest for further compromise. In the second phase of the attack, additional malware was deployed and the attackers attempted to gain access to victims' online environments. Microsoft stated that gaining access to victims' online environments was the main purpose of the attack.
The UCG believes that the systems of about 18,000 public and private sector organizations were breached by way of the SolarWinds Orion software update; however, a much smaller number saw follow-on activity on their systems. Amazon and Microsoft have been investigating the breach and analyzing their online environments for indicators of compromise. Based on their findings, it appears that the online environments of close to 250 of the 18,000 victims were affected. That number may well rise as the investigation of the attack proceeds.
A further malware variant, a web shell referred to as Supernova, was also discovered on the systems of some victims. This malware was deployed by exploiting a zero-day vulnerability in the SolarWinds Orion software and does not appear to have been delivered by the same attackers.
Fewer than 10 U.S. government departments had their systems compromised. Most recently, the Department of Justice announced that it had been breached. Although the attackers gained access to its systems, the DOJ stated that the breach affected only its Microsoft Office 365 email environment, and that only around 3% of its mailboxes were affected. The DOJ stated that none of its identified systems appear to have been affected by the breach.