In 2020 you may have seen a big government scandal on the news, or heard about it from a friend or coworker; it may very well be the worst cyber-attack on government facilities in the United States. Beginning as early as March, a massive hacker strike took place when malicious code was snuck into updates to a globally used piece of software. Through this, hackers were able to access a wide variety of United States national security agencies, including departments within the US government.

The hack began in the early spring, when updates to a popular piece of software called Orion were being delivered. The hackers used the automatic updates as a way to attach their malicious code and breach the security systems of everyone who installed them. At least six United States government agencies are reported to have been victims of this hacking. Most of those affected by this attack are within the US, but Microsoft has also stated that it discovered other victims on a global level, including locations within Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.

The hackers piggybacked on a complex piece of network management software, Orion, made by the company SolarWinds, in order to gain access to the departments’ systems. SolarWinds makes IT monitoring and management software that many companies use to support their IT services. An urgent order went out from the Department of Homeland Security on December 13 for all agencies to shut down the software. However, by this time it was clearly too late for intrusions that had been underway for months. The hackers inserted their code as periodic automatic updates of the software took place.

As stated before, the attack was launched against the SolarWinds Orion platform, an enterprise network monitoring solution. This platform is not connected in any way with any of the MSP products, such as the N-Central platform that many use. The President of SolarWinds MSP, John Pagliuca, commented on the situation, saying: “We have just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 through 2020.2.1. We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed incident, as opposed to a broad, system-wide attack.”

Most sources claim that the attack is linked to Russia in some way. A multitude of US officials and prominent cybersecurity experts have publicly stated that they believe Russia was the culprit, specifically the SVR, Russia’s foreign intelligence service, which focuses mainly on civilian affairs. Andrei Soldatov, an investigative journalist, a hub for information relating to intelligence agencies, and an expert on Russia’s own spy agencies, stated that the hack was most likely a joint effort between the Russian SVR and the FSB, the federal security service that was the main successor of the USSR’s KGB and the domestic spy agency once led by Vladimir Putin. Russia has denied all claims of its involvement. However, after analyzing the tactic used to breach the software, researchers found that the infiltration tactic was the “supply chain” method, which was heavily used by Russian hackers in 2016 during the most damaging cyber-attack ever recorded.

Although Trump had not publicly commented on the attack for most of the initial week, Secretary of State Mike Pompeo became the first Trump official to publicly confirm the Russia-related hypothesis. Through both federal and private experts, the Trump Administration then confirmed its belief that the hackers were working on behalf of a foreign government and were some sort of Russian intelligence agency. There had been much speculation that the then-current president was downplaying the security situation. One week after the situation was publicly announced, he sent a tweet dismissing the seriousness of the attack, which contradicted his own officials’ statements. Despite the statements made by Pompeo and other Trump officials, the president said that he was skeptical of holding Russia responsible and later tweeted that maybe another country, such as China, could have been responsible.

President Biden has voiced his strong opinions about how the situation should be handled and, in a statement, has pledged to “elevate cybersecurity as an imperative across the government.” In response to Trump’s “irrational downplaying” of the widespread hack, he criticized the current president at a news conference in Delaware, stating “this assault happened on Donald Trump’s watch when he wasn’t watching.” Both Trump and Biden have been watching this situation closely and continue to publicly mention what action could have been or could be taken, without yet finding a solution.

Experts say that it could take years for this situation to be rectified. For now, security officers are planning to rebuild whole networks in order to isolate them from compromised networks. It has been multiple weeks since this became public knowledge, and yet it is still unclear what information has been compromised or stolen. Because a multitude of departments were targeted, supposedly including the US Treasury, the Pentagon, and the Department of Homeland Security, it is concerning that there is no proof of any information being stolen, but who knows what someone could do with that plethora of information.

Recent Updates:

Since the first attacks last spring, there have been multiple updates on the government hackings. According to the New York Times, roughly “18,000 private and government users downloaded a Russian-tainted software update.” This allowed the hackers to slip through and gain access to the victims’ systems. SolarWinds, the company whose Orion software had been hacked, was being used by many government agencies and private companies throughout the nation. Some of these include the Centers for Disease Control and Prevention, the State Department, the Justice Department, as well as numerous utility companies.

According to cnet.com, the hackers used a multitude of creative techniques to breach target systems in 30 percent of the discovered breaches. Brandon Wales, acting director of the Cybersecurity and Infrastructure Agency, made a point of commenting on behalf of SolarWinds, saying "it is absolutely correct that this campaign should not be thought of as the SolarWinds campaign." This occurred after a new hacking technique was used without entering through the SolarWinds update. Cnet states that the hackers gained entry to Microsoft services “running on Malwarebytes’ systems by abusing third party apps with privileged access to Office 365 and Azure products.” Microsoft’s president, Brad Smith, speaking at the Senate Intelligence Committee hearing on February 23, said that it may never be known how many paths the hackers used during the series of breaches.

If you are concerned that you have been hacked or you want to ensure your business’s protection, reach out to us on our website https://www.responsivetechnologypartners.com/ or call us at (877) 358-9388.

Sources:

https://www.theguardian.com/technology/2020/dec/18/orion-hack-solarwinds-explainer-us-government

https://www.npr.org/2020/12/15/946776718/u-s-scrambles-to-understand-major-computer-hack-but-says-little

https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/

https://www.nytimes.com/2020/12/13/us/politics/russian-hackers-us-government-treasury-commerce.html

https://www.businessinsider.com/list-of-the-agencies-companies-hacked-in-solarwinds-russian-cyberattack-2020-12

https://www.wsj.com/articles/cybersecurity-official-fired-by-trump-last-month-says-u-s-election-was-secure-11608155802

https://www.cyberscoop.com/biden-cybersecurity-hack-solarwinds/

https://www.nytimes.com/2020/12/22/us/politics/biden-trump-russia-hack.html?auth=login-email&login=email

https://www.nytimes.com/2020/12/14/us/politics/russia-hack-nsa-homeland-security-pentagon.html

https://www.cnet.com/news/solarwinds-not-the-only-company-used-to-hack-targets-tech-execs-say-at-hearing/