Is This The Hack Of The Decade?

Uploaded on 2020-12-29 in TECHNOLOGY--Hackers, FREE TO VIEW

Microsoft was hacked as part of the suspected Russian campaign that has hit multiple US government agencies by taking advantage of the widespread use of software from SolarWinds Corp.

As with the networking management software by SolarWinds, Microsoft’s own products were then used to further the attacks on others, in what some are calling the biggest hack in a decade.

It is not yet certain how many Microsoft users were affected by the tainted products and  US Department of Homeland Security (DHS) says that the hackers used multiple methods of entry and is investigating the massive hack against the US government, which included  malicious computer code sent to Microsoft

Microsoft is a customer of SolarWinds, the IT provider the hackers used to send software updates to numerous US government agencies. Microsoft says it neutralised the infection before any major damage was done. “We have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed,” the company said in a statement. Microsoft added: “We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.”

The hack, which is being blamed on Russia, infiltrated federal agencies, including homeland security and nuclear programs. Microsoft and other companies are also affected.

Microsoft  is a user of Orion, the widely deployed networking management software from SolarWinds Corp which was used in the suspected Russian attacks on vital U.S. agencies and  the US National Security Agency (NSA) issued a rare "cybersecurity advisory"  detailing how certain Microsoft Azure cloud services may have been compromised by hackers and directing users to lock down their systems.

SolarWinds sells software that lets an organization see what's happening on its computer networks. Hackers inserted malicious code into an updated version of the software, called Orion. Around 18,000 SolarWinds customers in stalled the tainted updates onto their systems, the company said. One of the people familiar with the hacking spree said the hackers made use of Microsoft cloud offerings while avoiding Microsoft's corporate infrastructure.

The DHS said the hackers had used other techniques besides corrupting updates of network management software by SolarWinds which is used by hundreds of thousands of companies and government agencies. According to sources, the DHS does not believe Microsoft was a major source of infection and  the hackers appear to have used multiple methods of entry. 

The US Energy Department said it has evidence hackers gained access to its networks as part of the campaign.and the National Nuclear Security Administration (NNSA), which manages the country's nuclear weapons stockpile, was also targeted. An Energy Department spokeswoman said malware "has been isolated to business networks only" and has not impacted U.S. national security, including the NNSA.

The US Cyber Security and Infrastructure Security Agency (CISA) has urged investigators not to assume their organisations were safe if they did not use recent versions of the SolarWinds software. CISA said it was continuing to analyse the other avenues used by the attackers.

Since the campaign was discovered, software companies have cut off communication from those back doors to the computers maintained by the hackers, but an obvious concern is that the attackers might have installed additional ways of maintaining access

The Department of Justice, the FBI and Defense Department have moved routine communication onto classified networks that are believed not to have been breached on the assumption that the non-classified networks have been compromised. But the attackers are very careful and have deleted logs which would reveal the electronic fingerprints about which files they have accessed. That makes it hard to know what has been taken and some major companies have said they have "no evidence" that they were penetrated, but that may only be because the evidence was removed.

In most networks, the attackers would also have been able to create false data, but so far it appears they were interested only in obtaining real data, it is reported bu those familiar with the investigation.

Meanwhile, members of the US Congress are demanding more information about what may have been taken and who was behind it. The House Homeland Security Committee and Oversight Committee announced an investigation, while senators pressed to learn whether individual tax information was obtained.

In a statement, President-elect Joe Biden said he would "elevate cybersecurity as an imperative across the government" and "disrupt and deter our adversaries" from undertaking such major hacks.

Reuters:    Reuters:       PCMag:      CNet:      Channel News Asia

You Might Also Read: 

Microsoft & Intel Agree To Fight Malware:

 

« Major Cyber Attack On US Government Agencies Blamed On Russia
How to Close the Global Cybersecurity Skills Gap: Two Easy Steps »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Reed Smith LLP

Reed Smith LLP

Reed Smith LLP is an international law firm with offices in the USA, Europe, Middle East and Asia. Practice areas include Information Technology, Privacy & Data Security.

Infrascale

Infrascale

Infrascale specialise in providing cloud backup and disaster recovery services.

IS Decisions

IS Decisions

IS Decisions builds affordable and easy-to-use Access Management software solutions, allowing IT teams to effectively secure access to Active Directory infrastructures, SaaS apps and data within.

BigID

BigID

BigID is redefining personal data protection and privacy. BigID software helps companies secure their customer data & satisfy privacy regulations like GDPR.

Niksun

Niksun

Niksun's forensics-based cyber security and network performance monitoring products provide customers with actionable insight into security threats, performance issues, and compliance risks.

Cloud GRC

Cloud GRC

Cloud GRC is an innovative cybersecurity company with solutions and expertise in Cybersecurity Strategies & Frameworks, Threat & Risk Assessment, Cloud Security, and Regulatory Compliance Requirements

iHLS Startups Accelerator

iHLS Startups Accelerator

iHLS Accelerator is the first startup accelerator in the world in the security and homeland security field.

Thridwayv

Thridwayv

Thirdwayv helps your enterprise realize the full potential of loT connectivity. All while neutralizing security threats that can run ruin the customer experience - and your reputation.

BlueRiSC

BlueRiSC

BlueRiSC invent cutting-edge system assurance solutions for the 21st century with novel software and hardware designs focusing on security technologies that can be game changing.

GBT Technologies

GBT Technologies

GBT Technologies is a technology company focused on chip design and software to enable IoT, global mesh networks, and for applications relating to artificial intelligence.

Boeing

Boeing

Boeing is the world's largest aerospace company and leading manufacturer of commercial jetliners, defense, space and security systems.

Invicti Security

Invicti Security

Invicti Security is an AppSec leader transforming the way web applications are secured.

Identity Digital

Identity Digital

Identity Digital simplifies and connects a fragmented online world with domain names and related technologies that allow people and businesses to build, market and own their digital identities.

Secuvy

Secuvy

Secuvy leads in data security, privacy, compliance, and governance, offering a unified platform for proactive data discovery, management, protection, and enhanced data value.

CyberSecAsia

CyberSecAsia

CyberSecAsia series conference is the one and only decision-makers gathering for CISO and info security experts in Asia.

Quantum Dice

Quantum Dice

Quantum Dice is an award-winning venture-backed spinout from Oxford University’s world-renowned quantum optics laboratory.