'Solorigate', a cyberattack on US government agencies by a hacking group backed by the Russian government, may be more damaging than initially expected



A hacking group suspected of being backed by the Russian government has carried out cyberattacks on many companies and organizations, including US government agencies. The New York Times now reports that the attack 'may be more damaging than originally expected.'

As Understanding of Russian Hacking Grows, So Does Alarm --The New York Times

https://www.nytimes.com/2021/01/02/us/politics/russian-hacking-government.html

SolarWinds hack may be much worse than originally feared --The Verge
https://www.theverge.com/2021/1/2/22210667/solarwinds-hack-worse-government-microsoft-cybersecurity

In July 2020, it was reported that the Russian government-backed hacking group 'Cozy Bear' was attacking companies and research institutes involved in COVID-19 research. Then, in December 2020, it was discovered that Cozy Bear had launched a cyberattack against US government agencies. In response, Microsoft seized the domain used in the attack, and the actual scope of the attack gradually became clear.

The Cozy Bear attack was carried out by replacing an update for the network monitoring software 'Orion Platform', provided by the IT management software vendor SolarWinds, with one containing malware. The trojanized Orion Platform update is believed to have been distributed to as many as 18,000 customers, including the US Treasury, the State Department, and the National Nuclear Security Administration, as well as large corporations such as Microsoft and Cisco, so the damage from Cozy Bear's attack is thought to be widespread. The attack carried out through the Orion Platform update is known as 'SUNBURST' or 'Solorigate'.

What is the attack on SolarWinds' Orion Platform, which Microsoft president says is 'one of the most serious cyberattacks in the last decade?' --GIGAZINE



The New York Times has published a follow-up on 'Solorigate', reporting that it may be more damaging than initially estimated. According to the report, about 250 government agencies and companies are believed to have been victims of the attack.

According to The New York Times, intelligence agencies such as US Cyber Command and the US National Security Agency (NSA) have installed early warning sensors in networks outside the US to detect potential cyberattacks. However, because 'Solorigate' was carried out from within the United States via the software supply chain, it appears to have evaded detection by those sensors.



Microsoft also updated its security blog on December 31, 2020, stating: 'Our investigation into our own environment has found no evidence of access to production services or customer data. The investigation, which is ongoing, has also found no indications that our systems were used to attack others.' In other words, Microsoft considers it unlikely that Solorigate spread damage to customers through Microsoft's services.

At the same time, however, Microsoft said it had detected unusual activity with a small number of internal accounts and, on review, found that one account had been used to view source code in a number of source code repositories. Microsoft also confirmed that this internal account did not have permissions to modify any code or engineering systems, and that no changes had been made.

Microsoft says that because it uses open source-style development practices internally, the security of its products does not depend on the secrecy of their source code. It also emphasizes that it builds defense in depth against cyberattacks, and that it follows industry best practices such as using privileged access workstations to protect privileged accounts.



In addition, Senator Mark Warner, a member of the US Senate Intelligence Committee, said of Solorigate: 'It is much worse,' 'The scale of the damage continues to grow,' and 'It is clear that the US government missed this cyberattack.'

in Security, Posted by logu_ii