30% of ‘SolarWinds’ victims did not actually use SolarWinds software, say feds

The U.S. Department of Homeland Security Building seen in Washington, DC.
Photograph: Alastair Pike / AFP (Getty Images)

The group of hackers behind the SolarWinds scandal found other ways to intrude on US companies and public agencies beyond compromising the titular software company. In fact, almost a third of the hack's victims (approximately 30%) had no connection to SolarWinds at all, a senior federal security official said this week.

Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency (CISA), told the Wall Street Journal that the hackers “gained access to their targets in various ways” and that “it is absolutely correct that this campaign should not be considered the SolarWinds campaign”.

The cybersecurity scandal, which proved to be the largest in US history, became known as “SolarWinds” after hackers used trojanized malware to infiltrate the company and its customers through its popular Orion software, an IT management program widely used by government agencies.

But, as previously reported, the hackers appear to have used a multitude of strategies to break into American entities, not just the Orion compromise. These included exploiting poorly protected administrative credentials, password spraying and even, apparently, plain password guessing. They also went after other companies independently of the SolarWinds supply chain, such as Microsoft, FireEye and Malwarebytes, and they appear to have used Microsoft’s cloud-based Office software to access certain government agencies.

Investigators are still unraveling the route the hackers took into a vital US supply chain. The Wall Street Journal reports:

SolarWinds itself is investigating whether the Microsoft cloud was the initial entry point for hackers on its network, according to a person familiar with the SolarWinds investigation, who said that this is one of several theories in progress.

The hack affected a worrying number of powerful federal agencies, including the Department of Defense, the Federal Judiciary, the Treasury, the Departments of Commerce, Labor and State, the DOJ and the National Nuclear Security Administration (NNSA), which is responsible for protecting America’s nuclear stockpile, among others.

President Joe Biden has vowed to punish the guilty, recently saying that he would ensure “substantial costs” for those responsible. He also promised to invest more heavily in efforts to protect federal agencies and said he will make cybersecurity a more central and strategic part of his presidency than his predecessor did.

The US government has placed the blame for the hack on Russia, issuing a statement earlier this month in which it said “an Advanced Persistent Threat (APT) actor, probably of Russian origin, is responsible for most or all of the newly discovered ongoing cyber compromises of government and non-government networks”.

However, some private companies have been more cautious about attribution. Benjamin Read, director of threat intelligence at FireEye (which was also hacked by the same actor), recently said he “didn’t see enough evidence” to determine whether the actor came from Russia, although he called it “plausible”. Russia has denied responsibility.
