U.S. still puzzled by cyberattack that used SolarWinds vulnerability

Governments and companies around the world are still trying to figure out the damage done by intruders who got into computer networks following the discovery of a widespread cyberattack by a suspected nation-state over three weeks ago.

Jake Sullivan, the incoming national security advisor for President-elect Joe Biden, told CNN on Sunday that the attack — suspected to have been orchestrated by Russia’s SVR intelligence service — will be a top priority of the new administration.

“There is still a lot, even three weeks after FireEye revealed this breach, that we don’t know about. The intent of the attackers, how far and wide it has spread and precisely what will result from this,” Sullivan said. “The President-elect has said he will impose substantial costs for attacks like this … In addition, we are going to enhance our capabilities by putting the people in place, the tools in place, the co-operation with the private sector in place so we can more effectively detect, deter and respond to these attacks when they take place in the future.”

Meanwhile, the New York Times reported on Jan. 2 that American officials are still trying to understand whether the attack was espionage or aimed at inserting “backdoor” access into government agencies, major corporations, the electric grid and laboratories developing and transporting new generations of nuclear weapons.

Experts now suspect as many as 250 organizations, including governments, as well as Microsoft and Amazon, were broken into.

The attack has “set off alarms about the vulnerability of government and private sector networks in the United States to attack and raised questions about how and why the nation’s cyberdefenses failed so spectacularly,” the article reads. “Those questions have taken on particular urgency given that the breach was not detected by any of the government agencies that share responsibility for cyber defense — the military’s Cyber Command and the National Security Agency, both of which are run by General Nakasone, and the Department of Homeland Security — but by a private cybersecurity company, FireEye.”

Senator Mark Warner, Democrat of Virginia and the ranking member of the Senate Intelligence Committee, was quoted as saying, “This is looking much, much worse than I first feared. The size of it keeps expanding. It’s clear the United States government missed it. And if FireEye had not come forward, I’m not sure we would be fully aware of it to this day.”

After first revealing that it had been the victim of a cyberattack, FireEye then discovered that the vehicle through which it had been breached was an infected update to the SolarWinds Orion network management suite it uses, which led to the revelation that a sophisticated attacker used Orion and other tools to get into many government and private sector systems.

Microsoft has acknowledged that one employee account had been used to view source code in a number of source code repositories. The account did not have permission to modify any code or engineering systems, and the company has confirmed no changes were made. The blog added that source code is viewable within Microsoft, which, it said, “means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to an elevation of risk.”

However, the tech news site BGR argues that even looking at source code could give a threat actor ideas of how to craft a new attack against an application.

The Times story also says some of the compromised SolarWinds software was engineered in Eastern Europe. As a result, American investigators are looking at whether the breach at SolarWinds happened there, where Russian intelligence is active.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
