On December 18, news broke of a massive cyber-attack on the networks of several US government agencies and many private companies. Many of these companies are Fortune 500 companies, which gives a sense of how serious this cyber-attack is.
Moreover, the Pentagon's network has reportedly also been breached. But that is not the most dreadful part of this whole mishap: no US government security agency detected these breaches. Instead, a company named FireEye reported them first.
Security experts suggest this type of attack cannot be conducted by a single group of hackers. Instead, it bears the traces and evidence of a state-sponsored attack. Reportedly Russia could be behind all of this, but the Kremlin has denied having any part in this incident.
It has even come to light that the attackers were able to read the email exchanges of key government officials. Furthermore, they may have been able to read the emails of NSA employees.
Now the Pentagon and the NSA are trying to understand how much of the secret information these attackers know, and to what extent they penetrated the government network systems.
How It Happened
This incident was first reported by FireEye on Dec 8, in a post on their blog.
In this blog post, they said that they had detected a breach in their system. They named this attack Campaign UNC2452: "campaign" because it reportedly started somewhere around March of 2020 and is being conducted in the manner of a well-thought-out campaign.
According to FireEye, this hack was carried out with a novel set of tools, the likes of which have not been seen before. Network security experts admit that the level of sophistication needed to carry out this cyber-attack is high.
FireEye CEO Kevin Mandia put out a statement saying FireEye was “attacked by a highly sophisticated threat actor with top-tier offensive capabilities”, and that “the attacker primarily sought information related to certain government customers”.
The hackers used the ‘Supply Chain’ attack tactic, meaning the attackers did not breach the systems of federal agencies and private organizations directly. Instead, they breached a third-party software vendor.
In this case, the attackers were successful in finding a vulnerability in a software update of Orion. Orion is third-party software developed by a company named SolarWinds. Now, of course, SolarWinds is facing a lot of heat!
How the Attackers Leveraged the Breach in SolarWinds’ System
Orion is an IT management platform developed by SolarWinds. And SolarWinds is not just any company; it is a very successful software company, as you can see from the fact that several government agencies are its clients.
The hackers succeeded in finding a vulnerability in one of its Orion updates. When its customers downloaded the update, it opened a backdoor in their networks, in the manner of a trojan.
It sounds easy, but many things were in play to carry out the whole operation. FireEye said that the attackers used multiple techniques to avoid detection and obscure their activity.
The malware was capable of accessing system files. Moreover, what worked in the malware’s favor was that it was able to blend in with legitimate SolarWinds activity.
Assessment of the Attack by the Officials
Microsoft has also acknowledged the incident and has confirmed that it detected malware in its systems too.
Officials said there was no evidence of “access to production services or customer data”, or that its “systems were used to attack others”.
After this unfortunate event, Microsoft President Brad Smith posted a blog post. He mentions all the cyber-attacks that the country has faced in 2020, and how the world should change as well.
According to Homeland Security Adviser Thomas P Bossert, “evidence in the SolarWinds attack points to the Russian intelligence agency known as the SVR, whose tradecraft is among the most advanced in the world.”
President-elect Joe Biden said in a statement, “A good defense isn’t enough; We need to disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place.”
President Trump, meanwhile, downplays the situation. “I have been fully briefed and everything is well under control,” he writes in a tweet, and blames both Russia and China for the attack.
As we know, no system is ideal and invulnerable. Hackers need only one vulnerability in a system for their malicious activity. But the SolarWinds hack is on a whole other level. This attack is no less than a terrorist attack. We as citizens need to be aware of this kind of activity, and should make it our responsibility as law-abiding citizens to bring this kind of malicious activity to light under the states’ cyber law.
The world is already suffering through COVID-19. Many are helping, while some are trying to exploit the situation. During this adversity, many cyber-attacks have been reported around the globe.
Several of these attacks were serious in nature. But the SolarWinds cyber-attack is the most massive security breach to date. Security agencies are still trying to assess the whole event and to understand the depth of the breach.
Now it’s evident that we need more secure network systems. And with AI technology, many companies and government agencies are already working to rectify the mistake.