spanishasebo.blogg.se

Solarwinds attack













Microsoft named the malware Solorigate and added detection rules to its Defender antivirus.

Despite initial reports on Sunday, the hacking campaign doesn't appear to have been targeted at the US, specifically.

"The campaign is widespread, affecting public and private organizations around the world," FireEye said.

"The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East. We anticipate there are additional victims in other countries and verticals," FireEye added.

SolarWinds attack update

FireEye's report comes after Reuters, the Washington Post, and Wall Street Journal reported on Sunday intrusions at the US Treasury Department and the US Department of Commerce's National Telecommunications and Information Administration (NTIA).

The SolarWinds supply chain attack is also how hackers gained access to FireEye's own network, which the company disclosed earlier this week.

The Washington Post cited sources claiming that multiple other government agencies were also impacted.

Reuters reported that the incident was considered so serious that it led to a rare meeting of the US National Security Council at the White House, a day earlier, on Saturday.

Sources speaking with the Washington Post linked the intrusion to APT29, a codename used by the cyber-security industry to describe hackers associated with the Russian Foreign Intelligence Service (SVR).

FireEye wouldn't confirm the APT29 attribution and gave the group a neutral codename of UNC2452, although several sources in the cyber-security community told ZDNet the APT29 attribution, done by the US government, is most likely correct, based on current evidence.

In security alerts sent to its customers in private on Sunday, Microsoft also confirmed the SolarWinds compromise and provided countermeasures to customers that may have been affected.

Hackers deployed SUNBURST malware via Orion update

SolarWinds published a press release late on Sunday admitting to the breach of Orion, a software platform for centralized monitoring and management, usually employed in large networks to keep track of all IT resources, such as servers, workstations, mobiles, and IoT devices.

The software firm said that Orion update versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, have been tainted with malware.

FireEye named this malware SUNBURST and published a technical report earlier today, along with detection rules on GitHub.












