SolarWinds supply chain attack affected 250 organizations


According to a New York Times report, over 250 organizations, including government agencies and private businesses, were impacted, and the list keeps growing.

SolarWinds Attack

In December 2020, the cyberworld was rocked by the news that an elite group of hackers, possibly with Russian backing, had infiltrated the networks of Texas-based software provider SolarWinds. The hackers managed to trojanize the company’s most widely used software.

What followed was an extensive espionage campaign involving dozens of government institutions and businesses within the US and in other parts of the world. SolarWinds’ Orion Platform software secretly dispensed malware to spy on its users and extract documents containing sensitive data.

More than 250 Organizations Impacted

Previously, experts identified 40 agencies that were impacted by the attacks. However, The New York Times reported over the weekend that those threat actors gained access to more than 250 organizations’ networks.

Some of the attack victims identified so far include several US federal agencies such as the DHS, the State Department, Commerce Department, the National Institutes of Health, Treasury, and high-profile tech firms Microsoft, VMware, and Cisco.

The Most Devastating Breach Ever

Outside the IT world, no one had heard of a company named SolarWinds before the attack. It turned out that the company provided IT management solutions to hundreds of top US and European federal agencies and corporations from every sector.

The US National Security Agency and other government partner organizations used its network management platforms, including a communication network that handles classified government data.

The European Connection

According to The New York Times, SolarWinds software is maintained in Eastern Europe. US investigators are trying to find out if the breach originated from there. This revelation has raised concerns within the cybersecurity community because many believed Russian intelligence-sponsored hackers carried out the attack.

Microsoft Source Code Accessed

In a recent blog post, Microsoft’s team of researchers disclosed that during their investigation into the SolarWinds supply chain attack, they realized that some of the company’s source code was accessed by the same group of hackers. However, the company confirmed that the attackers couldn’t modify the code.

Two Different Groups Involved

The initial investigation into the incident revealed that the attackers injected Sunburst malware into the Orion Software source code. However, investigators later identified a different piece of malware dubbed Supernova.

[Image: Microsoft Defender for Endpoint detections across the Solorigate attack chain]

The discovery of Supernova hints at the possible involvement of another threat actor, or at another operation altogether that may not be related to the initial supply chain attack. Investigators are also trying to determine if the Supernova and Sunburst malware are connected. SolarWinds claims that it doesn’t have “a definite answer at this time” regarding their possible correlation.
