Governments and companies around the world are still trying to figure out the damage done by intruders who got into computer networks following the discovery of a widespread cyberattack by a suspected nation-state over three weeks ago.
Jake Sullivan, the incoming national security advisor for President-elect Joe Biden, told CNN on Sunday that the attack — suspected to have been orchestrated by Russia’s SVR intelligence service — will be a top priority of the new administration.
“There is still a lot, even three weeks after FireEye revealed this breach, that we don’t know about. The intent of the attackers, how far and wide it has spread and precisely what will result from this,” Sullivan said. “The President-elect has said he will impose substantial costs for attacks like this … In addition, we are going to enhance our capabilities by putting the people in place, the tools in place, the co-operation with the private sector in place so we can more effectively detect, deter and respond to these attacks when they take place in the future.”
Meanwhile, the New York Times reported on Jan. 2 that American officials are still trying to understand whether the attack was espionage or aimed at inserting “backdoor” access into government agencies, major corporations, the electric grid and laboratories developing and transporting new generations of nuclear weapons.
Experts now suspect as many as 250 organizations, including governments, as well as Microsoft and Amazon, were broken into.
The attack has “set off alarms about the vulnerability of government and private sector networks in the United States to attack and raised questions about how and why the nation’s cyberdefenses failed so spectacularly,” the article reads. “Those questions have taken on particular urgency given that the breach was not detected by any of the government agencies that share responsibility for cyber defense — the military’s Cyber Command and the National Security Agency, both of which are run by General Nakasone, and the Department of Homeland Security — but by a private cybersecurity company, FireEye.”
Senator Mark Warner, Democrat of Virginia and the ranking member of the Senate Intelligence Committee, was quoted as saying, “This is looking much, much worse than I first feared. The size of it keeps expanding. It’s clear the United States government missed it. And if FireEye had not come forward, I’m not sure we would be fully aware of it to this day.”
After first revealing that it had been the victim of a cyberattack, FireEye then discovered that the vehicle through which it had been breached was an infected update to the SolarWinds Orion network management suite it uses, which led to the revelation that a sophisticated attacker used Orion and other tools to get into many government and private sector systems.
Microsoft has acknowledged that one employee account had been used to view source code in a number of source code repositories. The account did not have permission to modify any code or engineering systems, and the company has confirmed no changes were made. The blog added that source code is viewable within Microsoft, which, it said, “means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to an elevation of risk.”
However, the tech news site BGR argues that even looking at source code could give a threat actor ideas of how to craft a new attack against an application.
The Times story also says some of the compromised SolarWinds software was engineered in Eastern Europe. As a result, American investigators are looking at whether the breach at SolarWinds happened there, where Russian intelligence is active.