The access barriers of Orion, a computer systems monitoring product, were breached. Suspicion falls on the Russian government and Russian hacker groups.

United States security and investigative agencies officially confirmed cyberattacks against the country's Government.

The attack hit the cybersecurity of the Treasury and of the Departments of State, Agriculture, Commerce, Defense, Health, and National Security. The attack lasted from March to mid-December; during that time, relevant information on the registration of movements in these organizations was affected.

The attack also harmed the companies FireEye, Think Tank, and SolarWinds. The latter, a provider of computer services, was the entry point for the attackers.

On December 16, SolarWinds announced that its systems “suffered a highly sophisticated manual attack on the supply chain of its Orion software.” As a consequence, government entities saw their security compromised. The investigation of the facts is ongoing.

SolarWinds offers network monitoring and other technical services to companies and organizations around the world. Its clients include government agencies from the United States and also from countries in Europe and Asia.

Russians Might Be the Authors

“The FBI is investigating and gathering elements to attribute, prosecute and interrupt the work of the responsible actors,” said the investigative agency in a statement. “The FBI is engaging with known and suspected victims, and the information obtained through these efforts is up to provide hints that will push network advocates and our government partners to take actions against this threat,” the department added.

For its part, CISA (Cybersecurity and Infrastructure Security Agency) took immediate action and issued an emergency order instructing all federal agencies to disconnect or shut down all potentially affected SolarWinds Orion products.

“CISA remains in regular contact with the Government, the private sector and international partners, providing technical assistance upon request and making available the information and resources necessary to help those affected recover quickly from this incident,” the FBI reported.

SolarWinds argues that the attack had features suggesting it was devised by state agencies of a foreign nation. The information SolarWinds has released so far shows that suspicion falls mainly on groups of Russian origin.

According to the Washington Post, the Foreign Intelligence Service of the Russian Federation and the hacker group Cozy Bear, also known as APT29, are reportedly behind this attack. For Democratic Senator Richard Durbin, who takes this hypothesis of a Russian attack for granted, the event is a “virtual declaration of war.”

Cyberattacks Are Becoming a Common Practice

Espionage and cyber-attacks between nations and against international organizations are common practice. The United States does not refrain from conducting them; the Donald Trump administration authorized the CIA to carry out computer attacks against specific targets. Since 2018, the Agency has conducted at least disruptive operations, hacks, and cyber-attacks against Iran, Russia, China, and North Korea.

Attempts to attack the United States are not uncommon either, although these are usually neutralized. For example, as jointly reported by the FBI and CISA last week, attacks aimed at “targeting US organizations conducting COVID-19-related investigations” were detected. Those responsible, according to this statement, are said to be linked to the Government of China.

“These actors have been observed, and their actions show that they attempt to identify and illicitly obtain valuable intellectual property and public health data related to vaccines, treatments, network testing, and personnel involved in COVID-19-related research. The possible theft of this information jeopardizes the delivery of safe, effective, and efficient treatment options.” This was a statement from the FBI and CISA.

By: Jenson Nuñez.
