Thursday, March 28, 2024

DHS, DOJ And DOD Are All Customers Of SolarWinds Orion, The Source Of The Huge US Government Hack

A host of American agencies use a tool that was turned malicious by hackers earlier this year. The latest major espionage campaign could have a widespread, global impact.
The latest espionage attack on the U.S. government is not limited to the Treasury and Commerce departments. Looking at the agencies who use the software that was used as a launchpad for the hacks, the breach could go right to the heart of America’s national security apparatus.
Hackers managed to hide malicious code in a software update for a tool called SolarWinds Orion. It’s typically used to make IT simpler with a single panel for administering various parts of a network. Earlier this year, hackers believed to be sponsored by the Russian government managed to inject malware into Orion updates released between March 2020 and June 2020. According to Reuters, which broke the news Sunday, that allowed the snoops a foothold in customer networks and the ability, at the very least, to spy on emails.
According to a review of public records, the range of U.S. government customers who’ve previously bought SolarWinds Orion is vast. The Pentagon is the biggest customer, with the Army and the Navy being big users. The Department of Veterans Affairs, which is heavily involved in the U.S. response to Covid-19, is another Orion fan and the biggest spender on the tool in recent years. In August, it renewed its Orion license in a $2.8 million order. The National Institutes of Health, DHS and the FBI are also amongst the many branches of the U.S. government that have previously bought the tool.
SolarWinds, a publicly listed company with a value of over $6 billion, has its own customer list, though it doesn’t break down which products clients use. That list includes more than 425 of the Fortune 500, all major US telecoms providers, the top five U.S. accounting firms, hundreds of global universities, the NSA and the White House.
The immediate impact will be operational. The Cybersecurity and Infrastructure Agency arm of the DHS has recommended government agencies stop using SolarWinds Orion. “The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA acting director Brandon Wales. “We urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
The attack will likely have a global impact, according to FireEye, which last week was the first to admit being a victim of this vast espionage campaign. The U.K.’s National Cyber Security Centre (NCSC), a branch of signals intelligence agency GCHQ, said it was monitoring the fallout. It’s also recommending that anyone running SolarWinds systems ensure that they’re installed behind firewalls and disconnected from the internet.
“We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack,” SolarWinds said in a security advisory, in which it asked customers to update to the latest version of Orion.
Infiltrating a major software provider in so-called “supply chain attacks” has proven fruitful for hackers in the past. The infamous NotPetya attacks, in which software sold by Ukrainian accounting program provider MeDoc was “Trojanized,” crippled swathes of companies across the world with ransomware.
Russia, for its part, has denied the attacks in a post on Facebook from its foreign ministry account. “Russia does not conduct offensive operations in the cyber domain,” it claimed.

webintern@dakdan.com
