Blamed on Russia, the hack infiltrated federal agencies, including homeland security and nuclear programs. Microsoft and other companies are victims too.
Earlier this year, hackers compromised software made by a cybersecurity company you might not have heard of. The infiltration led to a massive malware campaign that’s now affecting US federal agencies as well as governments around the world, according to the security firm and news reports.
The hacked company, SolarWinds, sells software that lets an organization see what’s happening on its computer networks. Hackers inserted malicious code into an updated version of the software, called Orion. Around 18,000 SolarWinds customers installed the tainted updates onto their systems, the company said.
The compromised update process has had a sweeping effect, the scale of which keeps growing as new information emerges. Based on newspaper reports, the company’s statements and analysis from other security firms, a Russian intelligence agency reportedly carried out a sophisticated attack that struck several US federal agencies and private companies including Microsoft.
On Saturday, President Donald Trump floated on Twitter the idea that China might be behind the attack. Trump, who didn’t provide evidence to support the suggestion of Chinese involvement, tagged Secretary of State Mike Pompeo, who had earlier said in a radio interview that “we can say pretty clearly that it was the Russians that engaged in this activity.”
US national security agencies issued a joint statement Wednesday acknowledging a “significant and ongoing hacking campaign” that’s affecting the federal government. It’s still unclear how many agencies are affected or what information hackers might have stolen so far, but by all accounts the malware is extremely powerful. According to analysis by Microsoft and security firm FireEye, both of which were also infected with the malware, it gives hackers broad reach into impacted systems.
On Thursday, Politico reported that systems at the Department of Energy and the National Nuclear Security Administration were also affected. Also on Thursday, Microsoft said it had identified more than 40 customers that were targeted in the hack. More information is likely to emerge about the hack and its aftermath. Here’s what you need to know about the SolarWinds hack:
How did hackers sneak malware into a software update?
Hackers managed to access a system that SolarWinds uses to put together updates to its Orion product, the company explained in a filing with the SEC. From there, they inserted malicious code into otherwise legitimate software updates. This is known as a supply-chain attack, because it infects software while it’s being assembled.
It’s a big coup for hackers to pull off a supply-chain attack, because it packages their malware inside a trusted piece of software. Instead of having to trick individual targets into downloading malicious software with a phishing campaign, the hackers could rely on several government agencies and companies to install the Orion update at SolarWinds’ prompting.
The approach is especially powerful in this case because hundreds of thousands of companies and government agencies around the world reportedly use the Orion software. With the release of the tainted software update, SolarWinds’ vast customer list became potential hacking targets.
Which government agencies were infected with the malware?