A large-scale cyber attack on government agencies turns out to have reached nuclear weapons-related organizations and Microsoft



A cyber attack group replaced the update file of SolarWinds security software 'Orion' with one containing malware, which was used for hacking targeting many government agencies, and it has now emerged that the networks of the United States Department of Energy and the National Nuclear Security Administration (NNSA) were accessed by hackers. It has also been pointed out that Microsoft, which had taken measures such as seizing the domain used in this attack, also used SolarWinds software.

Nuclear weapons agency breached amid massive cyber onslaught --POLITICO
https://www.politico.com/news/2020/12/17/nuclear-agency-hacked-officials-inform-congress-447855



Exclusive: Suspected Russian hacking spree reached into Microsoft --sources | Reuters

https://www.reuters.com/article/usa-cyber-breach-exclusive-int-idUSKBN28R3E2

According to the Department of Energy and NNSA, traces of suspicious activity believed to be by hackers were confirmed within the networks of the Federal Energy Regulatory Commission, Sandia National Laboratories, Los Alamos National Laboratory, NNSA Security Administration, and the Department of Energy's Richland field office. Both laboratories are involved in the development of nuclear weapons, and the Department of Transportation is also an important department involved in the transportation of nuclear weapons, but according to the Department of Energy, 'important defense systems have not been invaded.'

The Cyber Unified Coordination Group (UCG), formed by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI), is responding to this large-scale cyber attack.

Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) | CISA
https://www.cisa.gov/news/2020/12/16/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure

UCG is continuing its efforts to establish the whole picture, and although the attacking group has not been identified, security experts point out that it is a group called 'UNC2452' supported by Russian government intelligence.

Method revealed of hacker group 'UNC2452', which intercepted confidential information of government agencies and companies around the world --GIGAZINE



Microsoft has taken measures against this case by seizing the domain used for the attack, but it is known that Microsoft itself used the network management software made by SolarWinds. However, the number of Microsoft users affected by the malware-laden updates cannot be identified immediately. Microsoft has not commented on this matter.

Because this large-scale cyber attack uses means other than the already revealed distribution of malware through an exploited SolarWinds software update, CISA said, 'Apply the update of SolarWinds software. Don't think it's okay if you don't.' In addition, CISA is said to be investigating what the 'other means' are.

in Security, Posted by logc_nt