The SolarWinds hack could be much worse than originally feared

The Russian-linked SolarWinds hack that targeted US government agencies and private companies may be even worse than the authorities realized, with some 250 federal agencies and companies now considered affected, the New York Times reported.

Microsoft said the hackers compromised SolarWinds’ Orion monitoring and management software, allowing them to “represent any of the organization’s existing users and accounts, including highly privileged accounts”. The Times reports that Russia exploited layers of the supply chain to access agency systems.

The Times reports that early warning sensors that Cyber Command and the NSA have placed inside foreign networks to detect potential attacks appear to have failed in this case. In addition, it seems likely that the US government’s attention to protecting the November elections from foreign hackers may have taken resources and focus away from the software supply chain, according to the Times. And conducting the attack from within the United States apparently allowed the hackers to escape detection by the Department of Homeland Security.

Microsoft said earlier this week that it found that its systems were infiltrated “in addition to the presence of malicious SolarWinds code”. The hackers were able to “view the source code in various source code repositories”, but the hacked account granting access was not allowed to modify any code or systems. However, as a small piece of good news, Microsoft said it found “no evidence of access to production services or customer data” and “no indication that our systems were used to attack third parties”.

Senator Mark Warner (D-Virginia), a senior member of the Senate Intelligence Committee, told the Times the hack looked “much, much worse” than he initially feared. “The size continues to expand,” he said. “It is clear that the United States government did not notice.”
