Wednesday, February 10, 2021

SolarWinds Hacking Overviewed

Considerable look at the problem and many links to current work in progress. 

Tracking the Hackers

By David Geer    Commissioned by CACM Staff

U.S. government agencies were among those affected by the SolarWinds hack.

A nine-month SolarWinds breach and multiple network occupations by nation-state hackers is the seed pod for a broad, deep string of global security breaches yet to appear or reach disclosure. The details are disheartening to the cybersecurity community and customers everywhere.

On December 8, 2020, FireEye reported that nation-state hackers stole its Red Team assessment tools. FireEye uses the tools to assess its customers' network vulnerabilities. The cybersecurity firm discovered the theft resulted from a breach of SolarWinds' Orion Platform of infrastructure monitoring products. FireEye was a customer of fellow cybersecurity company SolarWinds. FireEye reported the hack to SolarWinds, which published details of the breach on December 13. Microsoft and FireEye traced the attack to the Russian S.V.R.-affiliated hacker group Cozy Bear, also known as APT29.

According to Jeff Horne, CSO of Ordr, an Internet of Things (IoT) security firm, APT29 added the Sunburst Trojan backdoor to the SolarWinds.Orion.Core.BusinessLayer.dll file in the Orion Platform products source code repository as part of a supply-chain attack. From there, says Horne, SolarWinds built, tested, and digitally signed its software update before deploying it from its update server.  ... " 
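As an added illustration, not code from the article, from CACM or from SolarWinds, the toy pipeline below shows why an implant inserted before the build step survives code signing: the vendor signs whatever the build produced, so the signature verifies, and only an independent rebuild of the reviewed source reveals the difference. The file names, the HMAC key standing in for a code-signing certificate, and the backdoor marker are all constructed.

```python
import hashlib
import hmac

# Constructed stand-ins (not SolarWinds' real pipeline): the source tree is a
# dict of path -> bytes, and an HMAC key takes the place of the vendor's
# code-signing certificate so the whole example runs offline.
SIGNING_KEY = b"constructed-vendor-signing-key"
REVIEWED_SOURCE = {
    "Core/BusinessLayer.cs": b"class BusinessLayer { void Poll() { /* monitoring */ } }",
    "Core/Scheduler.cs": b"class Scheduler { void Tick() { } }",
}

def build(tree: dict) -> bytes:
    """Stand-in compiler: deterministic, so the same source gives the same artifact."""
    return b"".join(p.encode() + b"\0" + tree[p] + b"\0" for p in sorted(tree))

def sign(artifact: bytes) -> bytes:
    """Vendor signs whatever the build step produced."""
    return hmac.new(SIGNING_KEY, artifact, hashlib.sha256).digest()

def verify_signature(artifact: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(artifact), signature)

def release(tree: dict) -> tuple:
    """The pipeline the article describes: build, test (omitted here), sign, ship."""
    artifact = build(tree)
    return artifact, sign(artifact)

def implant(tree: dict) -> dict:
    """Tamper with the source *before* the build; the marker is constructed."""
    tampered = dict(tree)
    tampered["Core/BusinessLayer.cs"] += b"\n// CONSTRUCTED-BACKDOOR-MARKER"
    return tampered

def customer_checks(artifact: bytes, signature: bytes) -> dict:
    """Two independent checks a customer (or the vendor's release gate) can run."""
    expected = hashlib.sha256(build(REVIEWED_SOURCE)).hexdigest()
    return {
        # Passes for the implanted build too: the signature was made after tampering.
        "signature_valid": verify_signature(artifact, signature),
        # Fails for the implanted build: an independent rebuild of the reviewed
        # source does not match what was shipped.
        "matches_reviewed_build": hashlib.sha256(artifact).hexdigest() == expected,
    }

if __name__ == "__main__":
    print("clean    :", customer_checks(*release(REVIEWED_SOURCE)))
    print("implanted:", customer_checks(*release(implant(REVIEWED_SOURCE))))
```

The reproducible-build comparison only works when the build is deterministic and the reviewed source is pinned somewhere the build server cannot silently rewrite.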