- 18,000 clients of the US SolarWinds software compromised
- The massive cyber-espionage disclosed after 9 months of damage
- Malicious code links to the Russian government
One of the biggest cyber espionage campaigns in recent history – SolarWinds hack – could require over $100 billion to fix the damage.
SolarWinds is a Texas-based major IT software provider with a base of high-profile clients.
The exploited software damaged thousands of clients, including the United States government institutions and the private sector.
At least four US government departments (including Commerce, Treasury, Homeland Security, and Justice), federal agencies, critical infrastructure entities, and multiple Fortune 500 companies were affected by the attack that was disclosed last December.
Russian FSB trails
The US intelligence and FBI reported links to “likely Russian-origin” hackers that used malware to gather intelligence data from high-profile victims.
Russian-based sources with a cybersecurity background told Reuters that the malware resembled tooling used by “Turla”, a hacking group that operates on behalf of the Russian FSB security service.
The distinct similarities included the methods used to identify victims, the ways the code hid from security analysts, and the formulas used to calculate the time frames during which the malware “slept” in order to avoid detection.
How was it done?
As the Department of Homeland Security reports, hackers broke into SolarWinds’ infrastructure in March 2020 and added malicious code to the company’s software platform, Orion.
The code was later unintentionally shipped to more than 33,000 Orion users together with a regular software update. The malicious code created a backdoor through which the attackers could install spying malware.
Over 18,000 Orion users installed the updates and thereby opened a door for the attackers, who monitored their data continuously for nine months before detection in December 2020.
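The mechanism described above is a trojanized update: the client installs whatever the vendor's update channel delivers. The following added example (written for this page, not SolarWinds or Orion code) shows the minimal integrity check a client can run before installing an update: every file in the downloaded package is compared against a manifest of expected SHA-256 digests that the vendor publishes on a separate channel. The file names, contents and digests are constructed for the example; the assumption is that the manifest comes from a trusted build and reaches the client over a channel the update package itself cannot alter.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of a file's bytes, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict[str, bytes]) -> dict[str, str]:
    """Produce the manifest a vendor would publish for a release: file name -> SHA-256.
    Assumed to be generated from the pristine build output and distributed through a
    channel separate from the update package (e.g. a signed release page)."""
    return {name: sha256_hex(data) for name, data in sorted(files.items())}


@dataclass
class VerificationResult:
    mismatched: list[str] = field(default_factory=list)  # present, but digest differs
    missing: list[str] = field(default_factory=list)     # listed in manifest, absent from package
    unexpected: list[str] = field(default_factory=list)  # in package, not listed in manifest

    @property
    def ok(self) -> bool:
        return not (self.mismatched or self.missing or self.unexpected)


def verify_update(files: dict[str, bytes], manifest: dict[str, str]) -> VerificationResult:
    """Compare every file in a downloaded update against the pinned manifest.
    Files whose digest differs, manifest entries that are missing, and files the
    manifest does not know about are all reported; install only when result.ok."""
    result = VerificationResult()
    for name, expected in manifest.items():
        if name not in files:
            result.missing.append(name)
        elif sha256_hex(files[name]) != expected:
            result.mismatched.append(name)
    for name in files:
        if name not in manifest:
            result.unexpected.append(name)
    return result


# --- Constructed sample data (placeholder names, not real vendor artifacts) ---
# The pristine release as produced by the vendor's build.
CLEAN_PACKAGE = {
    "installer/setup.exe": b"MZ\x90\x00constructed-installer-bytes",
    "lib/vendor.core.dll": b"MZ\x90\x00constructed-core-library",
    "config/defaults.xml": b"<config><update-interval>24h</update-interval></config>",
}
MANIFEST = build_manifest(CLEAN_PACKAGE)

# The same release after one library was altered between build and delivery:
# the file name is unchanged, only its content differs.
TAMPERED_PACKAGE = dict(CLEAN_PACKAGE)
TAMPERED_PACKAGE["lib/vendor.core.dll"] = CLEAN_PACKAGE["lib/vendor.core.dll"] + b"\x00injected"

# A release to which an unlisted component was added.
EXTRA_FILE_PACKAGE = dict(CLEAN_PACKAGE)
EXTRA_FILE_PACKAGE["lib/vendor.helper.dll"] = b"MZ\x90\x00unlisted-component"


if __name__ == "__main__":
    for label, pkg in [("clean", CLEAN_PACKAGE), ("tampered", TAMPERED_PACKAGE), ("extra file", EXTRA_FILE_PACKAGE)]:
        r = verify_update(pkg, MANIFEST)
        print(f"{label:10s} ok={r.ok} mismatched={r.mismatched} missing={r.missing} unexpected={r.unexpected}")
```

The check only catches alteration that happens after the manifest was generated. In the case the article describes, the malicious code was inserted into the vendor's own build, so a manifest produced from that build would match the tampered files; this is why the manifest must be derived from a build the vendor has verified, and why clients also watch the behaviour of installed components rather than trusting digests alone.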
According to experts, the attackers gained access to the organizations’ identity providers. Identity tools such as multi-factor authentication systems were compromised, so the hackers were able to impersonate legitimate users in order to spy on them.
SolarWinds developers use the software from JetBrains, a Czech tech company founded by three Russian engineers. The investigators now examine the role of JetBrains as it could have created a pathway for hackers.
As a WSJ analysis reported, sensitive information of US government institutions, including the Pentagon, the Department of Homeland Security, the Department of the Treasury, the State Department and the Nuclear Security Administration, was breached.
At least one hospital and one university installed the malicious code, as did a number of private entities, including tech giants Microsoft, Cisco Systems, Intel, Deloitte, and Nvidia.
Reportedly, the primary intent of the attackers may have been spying on government secrets and internal communications. The hackers also breached sensitive files on new technologies and the emails of executives.
On the flipside
- Vulnerabilities in the supply chain are a huge problem for enterprise-level IT and software companies.
- There is a lack of regulation on software improvements.
- The governments fail to bring a higher strategic focus to cybersecurity.
The SolarWinds attack is already being called the biggest and most serious espionage campaign. It went undetected for months and very likely spread in multiple directions.
As cybersecurity expert and former NSA hacker Jake Williams says, eliminating the malicious infection and fixing the damage might take months and cost hundreds of billions of dollars.