Wondering what the buzz is about the SolarWinds hackers attacking Microsoft and other US organizations? Unsure whether it has affected any Microsoft product you use?
Cybersecurity has been a major concern lately. Every day, businesses face cyber attacks such as spear-phishing, malware, or man-in-the-middle attacks, and the attackers behind them try to profit from vulnerable business systems.
In early 2020, there was a major cyberattack in which SolarWinds, a major US information technology firm, was hacked, affecting more than 30000 organizations across the US. Some top US officials believe the hackers behind the SolarWinds campaign are from Russia. A few of the targets of the SolarWinds hackers included the elite cybersecurity firm FireEye and top US government departments.
Recently, Microsoft revealed that the hackers behind the SolarWinds hack had launched another attack: they broke into an email marketing account used by USAID and then launched a spear-phishing assault on many other organizations.
The SolarWinds hackers, or Nobelium as Microsoft calls them, gained access to the networks, systems, and data of thousands of SolarWinds clients. This happened when the firm unwittingly sent out software updates to its customers that contained malicious code.
As a result, the hack compromised the data, networks, and systems of thousands of customers when SolarWinds unwittingly shipped the backdoor malware as an update to its Orion software.
According to the SEC, SolarWinds has an IT performance monitoring system called Orion that is widely used by companies to manage IT resources. More than 30000 institutions and agencies across the US use this monitoring system.
The SolarWinds hackers used a method called a supply chain attack to insert the malicious code into the Orion monitoring system. A supply chain attack works by compromising a trusted third party that has access to the victim organization’s systems rather than attacking the victim’s network directly.
In this case, the tampered Orion platform creates a backdoor through which the SolarWinds hackers target the accounts and users of SolarWinds’ customers and can access and impersonate them. The malware could also access system files and blend in with the company’s legitimate activity without being detected, even by antivirus software.
According to the SEC, up to 18000 SolarWinds customers were left vulnerable to the SolarWinds hackers because they installed the tainted update. Further, since the company has many high-profile clients and US government agencies among its customers, the breach could be massive.
Top US agencies such as the Pentagon, the Department of Homeland Security, the Department of Energy, the National Nuclear Security Administration, and the Treasury were attacked. Besides US government agencies, many high-profile companies such as Microsoft, Cisco, and Intel, along with other organizations, were also attacked by the SolarWinds hackers.
Security experts have revealed that, because the hack was carried out stealthily and went undetected for months, some victim organizations may never know whether they were hacked.
Federal investigators and cybersecurity experts say that the Russian Foreign Intelligence Service, also known as the SVR, is responsible for this attack. Russian intelligence has also been held responsible for various other attacks, such as breaking into the email servers of the White House, the State Department, and the Joint Chiefs of Staff in 2014 and 2015.
The Russian government denied any involvement in this spear-phishing assault. Further, the former US president even blamed Chinese hackers for the cyber attack, without any evidence. The Biden White House, however, has said that it may respond to the attackers.
Microsoft said during the February hearing that it believes Russians are behind the attack. The FireEye CEO said that, based on the company’s analysis, the evidence is most consistent with the behavior of Russian hackers.
Because multiple networks were penetrated, securing the systems is expensive and very difficult. The former president’s homeland security officials said that it could take years before the networks are properly secure again. And with access to government networks, there is a chance that the SolarWinds hackers could “destroy or alter data, and impersonate legitimate people”.
Not only is this breach one of the largest cyber-attacks in the US, but it also comes as a wake-up call for federal cybersecurity efforts. Sources say that the US Cyber Command, which is tasked with protecting American networks and receives billions of dollars in funding, was blindsided. Instead, a private cybersecurity company, FireEye, was the first to notice the breach, when it discovered its own systems had been hacked.
This hack could bring broad changes to the cybersecurity industry to protect and secure networks across America. In February, the US Senate summoned FireEye to testify and also called Microsoft and CrowdStrike to a series of hearings regarding the breach. Companies across the US that use the Orion system now assume they have already been breached rather than merely reacting to attacks after they are found.
This attack has strengthened the bond between the US government and the cybersecurity industry, with the private sector helping federal officials.
The suspected threat group behind SolarWinds is still active in 2021 and has not stopped at targeting SolarWinds. On May 27, 2021, Microsoft said that Nobelium had launched another attack on the US government. Microsoft added that the SolarWinds hackers had broken into an email marketing account used by USAID, the US Agency for International Development, and from there launched a spear-phishing assault on many other organizations.
Later, the Department of Homeland Security and USAID both said they were aware of the hack and were investigating it.
Microsoft published a blog post on its official website stating that it was in the process of notifying all of its targeted customers and that it had “no reasons to believe” that these attacks involved any exploitation of Microsoft’s products or services.