- Tram Ho
Of the 18,000 organizations that unknowingly downloaded a backdoored version of SolarWinds software, only a very small share, about 0.2%, were hit by a follow-on attack that used the backdoor to carry out the second phase: installing a malicious payload. These unfortunate organizations are technology companies, government agencies, and non-governmental organizations. The vast majority of this group, 80%, or about 40 organizations, are based in the US.
Those numbers were provided by Microsoft President Brad Smith, who also shared some insightful comments on the dangers of this unprecedented attack. His figures are necessarily incomplete, as Microsoft can only see what its Windows Defender app detects. That covers a lot, though, and any discrepancy from the true numbers is most likely small enough to disappear in rounding.
Targeting top organizations
SolarWinds is the maker of an extremely popular network management tool called Orion. A surprisingly large number of enterprise networks around the world run this software. Government-backed hackers, who, according to two US congressmen briefed in separate reports, are Russian, found a way to take control of SolarWinds’ software build system and release a security update with a backdoor built in. SolarWinds reports that approximately 18,000 customers downloaded the malicious update.
The months-long hacking campaign only came to light after the security company FireEye admitted it had been compromised by a foreign government. During their investigation, the company’s researchers found that the hackers had used the Orion backdoor not just against FireEye but in a much broader campaign aimed at many US federal agencies. In the ten days since the disclosure, the scope and methods of the hack have become progressively clearer.
The compromise of SolarWinds and the backdoor installed on the 18,000 systems mentioned above was only the first stage of the attack, carried out solely to reach predetermined targets. Those top organizations were most likely the sole objective of the entire campaign, which is thought to have been running for at least nine months, possibly much longer.
Microsoft’s figures make the attack’s intent clear: the hackers behind the supply chain intrusion gained control of 18,000 corporate networks and pursued only about 40 of them.
The map below shows where the victims are located:
Breaking all norms
Smith acknowledges that every industrialized nation conducts espionage, including hacking. What is different in this case is that a government has broken every established norm by putting a series of the world’s important organizations in real danger to pursue its aims. He said:
“We need to step back and evaluate the magnitude of these attacks in complete context. This is not ‘conventional espionage operations’, even in the digital age. Instead, it was a reckless act that created a serious technological hole for America and the world. It was not just an attack on specific targets, but an attack on the trust and reliability of the world’s critical infrastructure, meant to give a country’s intelligence an advantage. While most recent attacks seem to indicate a special focus on the US and many other democracies, it is also a powerful reminder that people in nearly every country are at risk and need protection from the governments where they live.”
Smith also quoted FireEye CEO Kevin Mandia, saying: “We are witnessing an attack by a nation with top offensive power.”
“In the course of Microsoft’s cybersecurity experts supporting FireEye, we have come to the same conclusion. This attack, unfortunately, revealed a large-scale espionage campaign that has been successful, both against top-secret US government information and against the technology tools companies use to protect it. The attack is still ongoing and will be actively investigated and addressed by public and private sector cybersecurity groups, including Microsoft. The ongoing investigation by Microsoft teams reveals a massive attack in scope, sophistication, and impact.”
The SolarWinds hack is arguably one of the worst espionage hacks of the past decade, if not ever. Its technique and precision are truly formidable. As the victims of the incident find out what the second phase of the attack did to their networks, this story is likely to become more compelling than ever.
Source : Genk