SolarWinds Hack: Everything We Know So Far
On December 13, 2020, reports emerged of a SolarWinds hack that affected various US government agencies, such as the Treasury Department, and private organisations such as Microsoft and Intel.
SolarWinds is one of the biggest vendors of IT monitoring and management solutions, and the high-profile nature of its clients makes this attack one of the biggest cases of cyber-espionage suffered by the US.
And now, with the attack being officially blamed on the Russian government, it risks adding further tension to an already strained relationship between the US and Russia.
Here is a rundown on everything we know about the SolarWinds hack.
How the attack worked
The hackers targeted a SolarWinds server that is used to push updates to its Orion platform products.
They then injected their malware, dubbed SUNBURST, into the SolarWinds update package, allowing them to infect any system that applied the update.
The SUNBURST malware opens a backdoor on the infected system, giving the hackers unlimited access to it: they can steal and modify data as they please.
It was the cybersecurity company FireEye that discovered the SolarWinds breach, while investigating a breach of its own network. The company determined that the hackers got into its systems by leveraging a vulnerability in a SolarWinds product it was using.
Since then, more than 18,000 private and government organisations have been found to be infected by the SUNBURST malware.
How the hackers got into SolarWinds
The hackers used the oldest trick in the book: password guessing and spraying. This is according to CISA, which notes that anyone could easily have guessed the password SolarWinds had used on its update server. The password was “solarwinds123”.
There was also a case of poorly secured administrative credentials that could easily be accessed through remote access services.
Organizations affected by the SolarWinds hack
Government agencies affected include:
Department of Homeland Security
Treasury (emails for top officials were read and stolen)
The Commerce Department
Two national labs
The Federal Energy Regulatory Commission
National Nuclear Safety Agency
Private firms affected by the SolarWinds hack include:
Did the Russian government hack SolarWinds?
The FBI, NSA, CISA, and ODNI released a joint statement naming Russia as the likely origin of the attack. News reports suggest that the attack was conducted by the Cozy Bear hacking group, backed by the Russian intelligence agency SVR.