By MATT O’BRIEN and Frank BAJAK, AP Technology Writer
Governments and major corporations around the world are scrambling to see if they, too, were victims of a global cyber-campaign that penetrated several US government agencies and included a common software product used by thousands of organizations Gone. Russia, the prime suspect, denies involvement. Cybersecurity investigators said the impact of the hack far exceeded the US agencies affected, including the Treasury and Commerce Department, although they did not disclose which companies or which other governments were targeted.
The hack began as early as March when malicious code was updated for popular software tracking businesses and governments’ computer networks. Malware, giving effect to a product created by the American company SolarWinds, provides remote access to elite hackers in an organization’s network so that it can steal information. It was not discovered until FireEye, the leading cyber security company, hacked it. Anyone who broke into FireEye was demanding data on their government customers, the company said – and built it with hacking tools it uses to check the security of its customers.
“There is no evidence that it was meant to be destructive,” said Ben Buchanan, a Georgetown University cyberspace expert and author of “The Hacker and the State”. He called the scope of the campaign “impressive, surprising and worrying”.
Its clear months timeline gave hackers ample time to extract information from too many different goals. Buchanan said the impact was likely to be significant and compared to the 2015 hack of the US Office of Personnel Management’s Chinese hack, in which the records of 22 million federal employees and government job applicants were stolen.
SolarWinds of Austin, TexasProvides network-monitoring and other technical services to hundreds of organizations around the world, including most Fortune 500 companies and government agencies in North America, Europe, Asia, and the Middle East.
Its compromise product, called Orion, accounts for about half of SolarWinds’ annual revenue. The company’s revenue in the first nine months of this year totaled $ 753.9 million. Its centralized monitoring looks for problems in an organization’s computer network, which means giving attackers a “God-view” of those networks.
SolarWinds, whose stock plunged 17% on Monday, said in a financial filing that it had sent an advisory to about 33,000 of its Orion customers that could be affected, although it was estimated that the number of customers was small – under 18,000. – In fact established earlier this year compromised the product update.
FireEye described the malware’s dizzying abilities – initially hiding in plain sight by marking its reconnaissance forces as Orion activity, being inactive for two weeks.
Was my work approved?
Neither SolarWinds nor US cyber security officials have publicly identified which organizations were violated. Just because a company or agency uses SolarWinds as a vendor, they were not necessarily vulnerable to hacking. Malware-Orion product updates released between March and June injected malware that opened the remote-access backdoor, but not every customer installed them.
Hackers will also have to target the organization.
The so-called supply-chain method is used to distribute malware via SolarWinds software, used in 2016 by Russian military hackers to infect companies that trade in Ukraine with hard drive- Wiping Noteti Virus – the most damaging cyberbait to date. In that case, hackers inserted a self-promoted worm into an update to a tax preparation software company to infect their customers. In this case, any actual intrusion of an infected organization requires “careful planning and manual interaction” according to FireEye.
SolarWinds said it was advised that an “external nation state” has intruded its system with malware. Neither the US government nor the affected companies have publicly stated which nation state they hold responsible. According to many security experts, Russia, the main suspect, said it had nothing to do with the hacking on Monday.
“Once again, I can dismiss these allegations,” Kremlin spokesman Dmitry Peskov told reporters. “If the Americans could not do anything about it for several months, then, perhaps, no one should blame the Russians for everything.”
Georgetown expert Buchanan said, “Operational Tradecraft” – how the hack was executed – sounds great. The hackers were “experienced and capable, finding a systemic weakness and then quietly exploiting them for months.” Technology scholar Brandon Valeriano of Marine Corps University said that supporting the consensus in the cybersecurity analysis community that Russians are responsible is the tactics, techniques, and procedures used that bear their digital fingerprints.
What can happen before and after?
Spying is as old as humanity and intelligence gathering does not violate international law – and cyber defense is difficult. But there is retaliation against the governments responsible for egoistic cyberspace. Diplomats can be expelled. Sanctions can be imposed. The Obama administration expelled Russian diplomats in retaliation for mediating Kremlin military hackers in favor of Donald Trump in the 2016 election. Cyber security has not been “a presidential priority” during the Trump administration, and the outgoing president has been unable or unwilling to place Russia for aggressive action in cyberspace, Chris Painter, who coordinated cyberpolicy at the State Department during the Obama administration .
He said, “I think it contributes to the people of Russia.” The incoming Biden national security team has indicated it will be less tolerant, and hopes to restore the position of the White House Cybercity Coordinator wiped out by Trump.
Industry experts say that more and more White House cyber security will be the focus.
An advisory issued by Microsoft, which assisted FireEye in its multiple response, stated that “over 13,000 notifications were delivered to customers attacked by the nation’s states over the past two years and (their) sophistication and operational security capabilities were steadily increasing Seen growth. “
Copyright 2020 The Associated Press. All rights reserved. This content may not be published, broadcast, rewritten or redistributed.