According to a New York Times report, over 250 organizations, including government agencies and private businesses, were impacted, and the list keeps growing.
In December 2020, the cyberworld was rocked by the news that an elite group of hackers, possibly with Russian backing, had infiltrated the networks of SolarWinds, a Texas-based software provider. The hackers managed to trojanize the company's most widely used software.
What followed was an extensive espionage campaign involving dozens of government institutions and businesses in the US and elsewhere in the world. Trojanized versions of SolarWinds' Orion Platform software secretly delivered malware that let the attackers spy on users and exfiltrate documents containing sensitive data.
More than 250 Organizations Impacted
Previously, experts had identified 40 agencies impacted by the attacks. However, The New York Times reported over the weekend that the threat actors gained access to the networks of more than 250 organizations.
Victims identified so far include several US federal agencies, among them the Department of Homeland Security, the State Department, the Commerce Department, the National Institutes of Health, and the Treasury, as well as the high-profile tech firms Microsoft, VMware, and Cisco.
The Most Devastating Breach Ever
Outside the IT world, few people had heard of SolarWinds before the attack. It turned out that the company provided IT management solutions to hundreds of US and European government agencies and to corporations in every sector.
The US National Security Agency and other partner government organizations used its network management platforms, including on a communication network that handles classified government data.
The European Connection
According to The New York Times, SolarWinds software is maintained in Eastern Europe, and US investigators are trying to determine whether the breach originated there. This revelation has raised concerns within the cybersecurity community, because many believed that hackers sponsored by Russian intelligence carried out the attack.
Microsoft Source Code Accessed
In a recent blog post, Microsoft's researchers disclosed that, during their investigation into the SolarWinds supply chain attack, they found that some of the company's source code had been accessed by the same group of hackers. However, the company confirmed that the attackers were not able to modify the code.
Two Different Groups Involved
The initial investigation into the incident revealed that the attackers had injected the Sunburst malware into the Orion software's source code. Later, however, investigators identified a different piece of malware, dubbed Supernova.
This hints at the possible involvement of a second threat actor, or at a separate operation that may not be related to the initial supply chain attack at all. Investigators are also trying to determine whether Supernova and Sunburst are connected. SolarWinds says it does not have "a definite answer at this time" regarding their possible correlation.