After a cyber attack hit several U.S. government executive departments, investigators are rushing to get to the bottom of the large-scale operation allegedly carried out by Russian hackers, Reuters reports.
Hackers were monitoring the emails of Department of Homeland Security (DHS), Treasury Department, and Commerce Department officials as part of a larger cyber espionage operation, three unnamed sources told Reuters Monday.
SolarWinds, a technology company, said up to 18,000 clients had downloaded a corrupted software update that enabled the hackers to infiltrate key government and business infrastructure for nearly nine months, Reuters reports.
Asked about the suspected Russian hacking of Treasury & Commerce Departments, Wilbur Ross says on Fox Biz he can’t get into details but “there will be more revelations soon…We are taking it very, very seriously.” He initially joked the hackers weren’t after his wife’s recipes.
— Kaitlan Collins (@kaitlancollins) December 14, 2020
The U.S. government responded to the revealed hacking operation Sunday by issuing an emergency warning to disconnect the SolarWinds software, according to Reuters. In the warning, the U.S. government said the software was compromised by “malicious actors,” Reuters reports.
The warning came after a Reuters report Sunday that claimed Russian hackers had used SolarWinds software updates to infiltrate U.S. government agencies like the Treasury Department.
The Commerce Department confirmed the security breach in a statement Sunday. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are currently investigating the hack.
Earlier this month, the National Security Agency warned that “Russian state-sponsored actors” were trying to exploit a different system widely used by the U.S. government.
U.S. officials suspect Russia is behind the hacking operation, but Russia has denied these allegations, according to Reuters.
CISA is the DHS arm tasked with handling various cyber security efforts. Those efforts include protecting election integrity, according to CISA’s website. One source said the DHS infrastructure surrounding election security had not been corrupted, according to Reuters. The department said it was aware of the reports, but did not comment on how badly the department’s cyber security network was affected, if at all, according to Reuters.
“The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” National Security Council spokesperson John Ullyot said in a statement, The New York Times reports.
SolarWinds believes the breach originated with nefarious code inserted into an update for the Orion network management software by an “outside nation state” between March and June of this year, according to Reuters.
SolarWinds asks all customers to upgrade immediately to Orion Platform version 2020.2.1 HF 1 to address a security vulnerability. More information is available at https://t.co/scsUhZJCk8
— SolarWinds (@solarwinds) December 14, 2020
“SolarWinds currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000,” the technology company said in a statement, Reuters reports. Among SolarWinds’ 300,000 global customers are a majority of Fortune 500 companies, as well as various world governments, according to Reuters. The White House, U.S. Department of Defense, and intelligence agencies for the U.S. and the U.K. are among SolarWinds’ clientele, Reuters reports.
SolarWinds told Reuters they were unaware of any other breaches and were helping the U.S. government investigate.
An organization that installed the corrupted Orion update would have given the hackers a back door through which they could access the rest of the computer system, according to three unnamed sources in the Reuters report. “After that, it’s just a question of whether the attackers decide to exploit that access further,” one of the sources told Reuters.
Since the hackers can keep their back doors open with access to the Orion software, SolarWinds customers are scrambling to trace the hackers’ digital footprints back to the source of these breaches in order to permanently lock the hackers out, Reuters reports.