Massive cyber attack hits U.S. government agencies
December 18, 2020 - Following a global cyber-espionage attack that penetrated multiple U.S. government agencies and private organizations, governments worldwide are scrambling to see if they, too, are victims.
The so-called supply chain attack targeted Texas-based SolarWinds, which provides its Orion Platform network monitoring services to government agencies and companies.
According to U.S. news sources, Russian group Cozy Bear carried out the attack. Cozy Bear -- also known as Advanced Persistent Threat 29, or APT29 -- works for the Russian Foreign Intelligence Service (SVR) as well as the Federal Security Service (FSB), the former KGB.
Hackers managed to access highly secure networks of 18,000 government and private computers between March and June when users installed updates of SolarWinds Orion software.
Backdoors in the software gave the hackers access to classified information, including internal emails at top government organisations. Among U.S. government agencies affected are the Energy Department, which is responsible for managing U.S. nuclear weapons. Other agencies include the Pentagon, Department of Homeland Security, Commerce Department, Treasury Department U.S. Postal Service and National Institutes of Health.
Although the breach started ten months ago, it was not discovered until U.S. cybersecurity company FireEye, which uses Orion, found it had suffered an attack in December.
“We looked through 50,000 lines of source code, which we were able to determine there was a backdoor within SolarWinds,” said Charles Carmakal, senior vice president and chief technical officer at FireEye’s incident response arm. After discovering the backdoor, FireEye alerted SolarWinds and law enforcement, Carmakal said.
The long lag between infection and discovery would have given hackers plenty of time to download vast amounts of classified information.