The SolarWinds cyberattack has already been called historic. Yet the number of customers affected by the malicious software remains unknown; the preliminary estimate is about 18,000 corporate clients.
The leading US federal agencies investigating the attack and defending the country against cyberthreats - the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) - have attributed the attack to the Russian state.
“This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” US Secretary of State Mike Pompeo said on Friday.
Outgoing Attorney General William Barr said that the large-scale SolarWinds hack of US government institutions “certainly appears to be” the work of Russia.
Thomas Bossert, homeland security adviser to President Donald Trump and deputy homeland security adviser to President George W. Bush, warned that, having gained control over the systems, Russia’s Foreign Intelligence Service (SVR) will use its access to the government networks it considers priority targets.
“For those targets, the hackers will have long ago moved past their entry point, covered their tracks and gained what experts call ‘persistent access,’ meaning the ability to infiltrate and control networks in a way that is hard to detect or remove… In the networks that the Russians control, they have the power to destroy or alter data, and impersonate legitimate people. Domestic and geopolitical tensions could escalate quite easily if they use their access for malign influence and misinformation.”
After days of silence on the source of the breach, Donald Trump downplayed the seriousness of the attack and pointed not to Russia but to China as the possible source. He also claimed, without evidence, that the hack could have affected voting software in the presidential election held in November. It was the latest far-fetched conspiracy theory the president has offered in his refusal to concede defeat in that election.
The SolarWinds compromise began in March, but it was only disclosed this month, after the attackers used the access they had gained to break into the US cybersecurity firm FireEye. It is believed that the hackers first broke into SolarWinds’ own systems. SolarWinds’ security practices had already drawn criticism in 2018, when the company was found to be using the password “solarwinds123” for its update server.
On December 9, a FireEye employee received an alert that someone had logged into the company’s VPN with their credentials from a new device. More than 100 FireEye employees took part in the response, which required combing through 50,000 lines of code to pick out any abnormalities.
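The alert that tipped off FireEye is, at bottom, a new-device check against a per-user baseline of devices that have previously authenticated. The following is an added example written for this page, not FireEye’s own detection logic; the VPN log format, field names, user names, device identifiers and IP addresses are all constructed for illustration:

```python
"""
Added example: flag successful VPN logins from a device the user has never
authenticated with before. Baseline is learned from historical logs; detection
deliberately does NOT auto-learn, because a new device must be confirmed by the
user or an analyst before it is trusted (the step that caught the intrusion).
Log format (assumed for this example):
  <timestamp> user=<name> device=<id> src=<ip> result=<success|failure>
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed historical logs used to build the per-user device baseline.
HISTORICAL_LOGS = """\
2020-12-01T08:02:11Z user=alice device=LAPTOP-A1 src=10.0.0.5 result=success
2020-12-02T09:15:42Z user=alice device=LAPTOP-A1 src=10.0.0.5 result=success
2020-12-03T18:40:07Z user=bob device=PHONE-B7 src=10.0.0.9 result=success
2020-12-04T11:00:00Z user=bob device=PHONE-B7 src=10.0.0.9 result=failure
"""

# Constructed recent logs to evaluate against that baseline.
RECENT_LOGS = """\
2020-12-09T03:21:30Z user=alice device=UNKNOWN-X9 src=203.0.113.77 result=failure
2020-12-09T03:22:05Z user=alice device=UNKNOWN-X9 src=203.0.113.77 result=success
2020-12-09T08:05:10Z user=bob device=PHONE-B7 src=10.0.0.9 result=success
2020-12-09T09:00:00Z user=carol device=TAB-C2 src=10.0.0.12 result=success
"""


@dataclass(frozen=True)
class Alert:
    timestamp: str
    user: str
    device: str
    src: str


def parse_line(line):
    """Split one log line into a dict of its key=value fields plus timestamp."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["timestamp"] = ts
    return event


def iter_events(log_text):
    for raw in log_text.splitlines():
        if raw.strip():
            yield parse_line(raw)


def build_baseline(log_text):
    """user -> set of devices that completed a successful login in the history.
    Failed attempts are ignored: only a completed authentication proves the
    device belongs to the user."""
    baseline = defaultdict(set)
    for ev in iter_events(log_text):
        if ev["result"] == "success":
            baseline[ev["user"]].add(ev["device"])
    return dict(baseline)


def detect_new_device_logins(log_text, baseline):
    """Return an Alert for every successful login whose device is absent from
    the user's baseline. A user with no baseline at all is also flagged, since
    nothing vouches for that device. The baseline is left unchanged."""
    alerts = []
    for ev in iter_events(log_text):
        if ev["result"] != "success":
            continue
        if ev["device"] not in baseline.get(ev["user"], set()):
            alerts.append(Alert(ev["timestamp"], ev["user"], ev["device"], ev["src"]))
    return alerts


if __name__ == "__main__":
    known = build_baseline(HISTORICAL_LOGS)
    for a in detect_new_device_logins(RECENT_LOGS, known):
        print(f"ALERT {a.timestamp} user={a.user} new device={a.device} from {a.src}")
```

Run as written, the example flags alice’s login from UNKNOWN-X9 (the device had only a failed attempt before, which never enters the baseline) and carol’s first-ever login; bob’s login from his usual phone is silent. The check is only as good as the follow-up: the alert is what prompts someone to ask the user whether the device is theirs.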
Apart from FireEye, the attack hit a long list of large organizations worldwide: the US Departments of State, Homeland Security and Commerce (the NTIA), the Treasury, the National Institutes of Health, the Cybersecurity and Infrastructure Security Agency (CISA), the National Nuclear Security Administration (NNSA), and the Department of Energy (DOE). The list also includes Microsoft, Cisco Systems, Intel, VMware, Deloitte, Nvidia, and Belkin.
Microsoft said that more than 40 of its customers had fallen victim to the Russian hackers.
Of those, roughly 40% were in the IT sector and another 18% were government targets. About 80% were based in the US; the remaining 20% were in Mexico, Canada, the United Kingdom, Belgium, Spain, Israel, and the UAE.
FireEye CEO Kevin Mandia called it “an attack by a nation with top-tier offensive capabilities.” He later said the hackers’ main goal appeared to be stealing sensitive corporate information from the company’s government clients.
A week after the attack was reported, US government agencies and private companies are still investigating and working to develop a full picture of the extent of the breach and the potential damage.