The SolarWinds incident has shown us that there is no institution too big to be breached and no organization is completely safe from ransomware, and now we are seeing a new victim of this security incident. 

Associated Press reports that unauthorized intrusions happened during the SolarWinds supply-chain attack, when SolarWinds, the central point of entry, was compromised by threat actors in December. 

The attackers were able to plant a malicious Orion software update that was deployed and affected thousands of organizations like Microsoft, FireEye, the US Treasury Department, the Cybersecurity and Infrastructure Agency (CISA), and the DHS, among many others

The DHS breach allowed the cybercriminals to access email accounts belonging to the Trump administration’s former head of the DHS, Secretary Chad Wolf, as well as other members of the staff focused on investigating foreign cybersecurity threats, making Wolf, and the others to start using new phones and communicate through the Signal encrypted messaging platform following this important security breach. 

Using both automated and manual processes, we worked to determine the scope of SolarWinds Orion software products employed across the DoDIN. Each instance was immediately isolated and disconnected from DoD networks. Meanwhile, NSA worked to understand the adversary’s intent and illuminate additional tradecraft and infrastructure to inform threat detection and asset response activities. Finally, we prepared to support and assist other federal departments and the Defense Industrial Base in bounding their respective problems.

Source

General Paul Nakasone, leader of United States Cyber Command (USCYBERCOM), declared just last week that Russia, which presumably is behind the attack, is a “sophisticated cyber adversary” and it’s closely watched when it comes to national security, same as China, North Korea, and Iran are.

Moscow conducts effective cyber espionage and other operations and has integrated cyber activities into its military and national strategy.

Despite public exposure and indictments of Russian cyber actors, Russia remains focused on shaping the global narrative and exploiting American networks and cyber systems.

Source

In light of the SolarWinds breach, the US is considering a “range of options” to combat cybersecurity risks during 2021 and beyond, with the White House wanting to expand federal investments in infrastructure and to build an “unmatched talent base” able to protect the country from cyber threats, whilst elevating the international engagement on cyber issues, working closely with allies to uphold shape global norms in cyberspace.

The US believes that Russia is the “likely” culprit behind the SolarWinds hack that took place back in January, and labeled the incident as “an intelligence-gathering effort”, whilst Russia has denied any type of involvement in the matter. 

cover photo for heimdal security news
2021.03.22 QUICK READ

Mimecast Discloses Source Code Theft in SolarWinds Breach

Heimdal Featured Image
2021.03.04 QUICK READ

The SolarWinds Incident May Be the Start of New Data Breach Notification Law in the US

Is Signal secure? article cover image
2021.01.19 SLOW READ

Is Signal Secure? An Analysis of its History, Encryption Protocol, and Privacy Policy

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP