
US Government Software Breached!

A group of hackers compromised specific software tools used by many Fortune 500 companies and several federal agencies, according to statements published recently by the US Department of Homeland Security and FireEye.

The software is the IT monitoring and management tool Orion developed by SolarWinds. FireEye’s report says that it is used by “government, consulting, technology, telecom and extractive entities in North America, Europe, Asia, and the Middle East.”

The firm explained that the hacking campaign is ongoing and “may have begun as early as spring 2020,” when the attackers installed their malware into SolarWinds’ updates. The group used a “supply chain attack.” With this method, bad actors can covertly inject their Trojans into software update infrastructure.

FireEye stated that it had become one of the victims of a “highly evasive attacker” that used SolarWinds’ supply chain to “compromise multiple global victims with SUNBURST backdoor.”

In an official statement, SolarWinds stated that it “has just been made aware” that its systems “experienced a highly sophisticated, manual supply chain attack.” The company also noted that the exploit was present in several versions of the Orion software released between March and June.

“We have been advised this attack was likely conducted by an outside nation-state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack,” SolarWinds continued.

A Financial Times report says that the company also revealed that it is cooperating in an investigation with FireEye, the FBI, and other law enforcement agencies.

The DHS published an emergency directive last Sunday, urging government agencies to disable all IT infrastructure that includes SolarWinds’ Orion products, since they are “currently being exploited by malicious actors” and present “an unacceptable risk to Federal Civilian Executive Branch.”

The agency continued that all affected entities “should expect further communications from CISA and await guidance” and should also block all traffic to external hosts that have any version of SolarWinds’ Orion software installed.
