That, investigators say, means it is unlikely that the perpetrators made the most of the widespread access they could have gained. In order to stay below the radar of the US government’s own security teams, the update was programmed to sit silently for two weeks after it was installed, and then to only upload stolen data in small quantities so that it could be disguised as normal Orion traffic. Thankfully, even then, the full attack was a technically challenging manoeuvre. By hacking SolarWind and inserting weaknesses into the Orion software at source, the attackers simply had to wait until their targets downloaded and ran a fake software security update. That breach provided the foothold the attackers needed to begin monitoring internal emails at the departments.
Rather than directly attacking the US government, the attackers succeeded in compromising the automatic update function built into Orion. The hack, attributed to Russian state actors, took the form of a so-called supply chain attack. If there is one silver lining to the months-long global cyber-espionage campaign discovered when a prominent cybersecurity firm learned it had been breached, it might be that the sheer numbers of potentially compromised entities offers them some protection.īy compromising one piece of security software – a security tool called Orion developed by the Texan company SolarWinds – the attackers gained access to an extraordinary array of potential targets in the US alone: more than 425 of the Fortune 500 list of top companies all of the top 10 telecommunications companies all five branches of the military and all of the top five accounting firms.īut they are just a fraction of SolarWinds’ 300,000 global customers, which also include UK government agencies and private sector companies.įor now, we only have only confirmation from investigators that the US Treasury and commerce departments were attacked.
0 kommentar(er)
