The large-scale cyber attack on the American software maker SolarWinds, which affected several government departments and private companies, was carried out from the United States. The statement was made yesterday by the Assistant Advisor to the President of the United States for National Security, Anne Neuberger, at a press conference in Washington.
“The hackers carried out a hack in the United States, which made it difficult for the American government to monitor their activities,” she said. According to the advisor, nine federal agencies and about a hundred private sector companies were affected among the 18 thousand who downloaded Orion, the compromised product.
“Many of the compromised companies are technology companies, including networks of companies whose products can be used to carry out additional attacks,” said Neuberger.
The government is now trying to discover the true extent of the attack, and the investigation is expected to take several months, she added. She also explained that the hackers had done a lot of work that required careful preparation. “We believe they took several months to plan the operation,” she said.
Neuberger noted that the APT (Advanced Persistent Threat) group responsible for the attack was “probably of Russian origin”. The deputy counselor did not explain the basis for that conclusion.
The attack on SolarWinds’ supply chain became known in early December last year, after information security firm FireEye published a report on the results of an investigation into the theft of tools used by its experts to find vulnerabilities.
As part of the malicious campaign, cybercriminals implanted a backdoor in updates to the SolarWinds Orion platform. As a result, the malicious update was installed by around 18,000 organizations. In particular, the malware was found on the networks of the U.S. Department of the Treasury, the National Telecommunications and Information Administration (NTIA) of the U.S. Department of Commerce, the U.S. Department of Homeland Security, FireEye, Microsoft, Mimecast, Palo Alto Networks, Qualys, Fidelis Cybersecurity and others.
Microsoft President Brad Smith has called the incident “the biggest and most sophisticated attack the world has ever seen.” The company estimates that more than 1,000 experts took part in organizing the hack.
With international agencies