Feds say 30% of SolarWinds victims did not actually use SolarWinds software

The U.S. Department of Homeland Security seen in Washington, DC.
Photo: Alastair Pike / AFP (Getty Images)

The hacker group behind the ongoing SolarWinds scandal has found other ways to infiltrate US businesses and public agencies than just compromising the titular software company. In fact, almost a third of the victims of the hack (about 30%) “has no connection with SolarWinds at all,” a senior federal security official said this week.

Brandon Wales, Acting Director of the Cybersecurity and Infrastructure Security Agency, told the Wall Street Journal that the hackers “gained access to their targets in various ways” and that it was “absolutely correct that this campaign should not be considered the SolarWinds campaign.”

Indeed, the cyber security scandal, which is turning out to be the largest in American history, unfortunately became known as ‘SolarWinds’ after hackers used trojan malware to infiltrate the company and its customers through its popular Orion software, an IT management program frequently used by government agencies.

But, as previously reported, the hackers seem to have used a multitude of strategies to worm into American entities, not just hacking into Orion. This included using improperly secured credentials, password spraying, and even seemingly just guessing passwords. They have also compromised other businesses that are independent of the SolarWinds supply chain, such as Microsoft, FireEye and Malwarebytes, and apparently also used Microsoft’s cloud-based Office software to gain access to certain government agencies.

Indeed, investigators are still piecing together the trail of the hackers and the path they followed as they moved through a major U.S. supply chain. The Wall Street Journal reports:

According to a person familiar with the SolarWinds investigation, SolarWinds itself is investigating whether Microsoft’s cloud was the hackers’ initial point of access to its network.

The hack has affected an alarming number of powerful federal agencies, including the Department of Defense, the federal judiciary, the Treasury, the departments of Commerce, Labor, and State, the DOJ, and the National Nuclear Security Administration (NNSA), which is responsible for securing America’s nuclear stockpile, amongst other things.

President Joe Biden has promised to punish the culprits, recently saying that he would ensure ‘significant costs’ for those responsible. He also promised to invest more heavily in efforts to secure federal agencies and said he would make cyber security a more central, strategic part of his presidency than his predecessor did.

The US government has blamed Russia for the hack, issuing a statement earlier this month in which it states that “an actor of Advanced Persistent Threat (APT), probably of Russian origin, is responsible for most or all of the recent, ongoing cyber-compromises of both government networks and non-government networks.”

However, some private companies have been more careful with attribution. Benjamin Reed, the director of threat intelligence at FireEye (which was also hacked by the same actor), recently said he had “not seen enough evidence” to determine whether the actor came from Russia, although he calls it “plausible”. Russia has denied responsibility.
