U.S. officials are scrambling to learn the extent of a potentially massive cyberespionage campaign that infiltrated at least the Treasury and Commerce departments, but they believe they know how the suspected Russian government hackers broke in. The cybersecurity firm FireEye, which disclosed last week that it has been hacked, said late Sunday it has determined the monthlong "global campaign" had been perpetrated via malware inserted in the security update of SolarWinds' popular Orion server management software.
SolarWinds, based in Austin, says its 300,000 customers include the White House, all five branches of the U.S. military, the Pentagon, the State Department, the Justice Department, the National Security Agency, NASA, and the 10 top U.S. telecommunications firms and five leading accounting firms. It attributed the compromised software to a "highly sophisticated, targeted, and manual supply chain attack by a nation state." FireEye said the infected security update appears to have been released in the spring.
The Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) issued a rare directive late Sunday for "all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately." The SolarWinds breach "poses unacceptable risks to the security of federal networks," said acting CISA Director Brandon Wales, "and we urge all our partners — in the public and private sectors — to assess their exposure to this compromise and to secure their networks against any exploitation."
The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
The number of targets was likely limited by the labor-intensive requirements of this particular hack, cybersecurity experts said. But the attack, believed to have been carried out by the APT29 or Cozy Bear arm of Russia's SVR foreign intelligence service, will still likely end up being extensive and damaging.
"This is looking very, very bad," one person familiar with the hack told The Washington Post. "This can turn into one of the most impactful espionage campaigns on record," cybersecurity expert Dmitri Alperovitch told The Associated Press, noting that the Orion software grants remote, "God-mode" access to networks. Another person familiar with the breach told The Wall Street Journal it's a "10" out of 10 in terms of several and national security implications.
Russia's U.S. Embassy denied that Moscow was behind the attacks, calling the allegations "unfounded attempts of the U.S. media to blame Russia."
-
September 13 editorial cartoonsCartoons Saturday's political cartoons include court-approved racial profiling and America's moral compass
-
Giorgio Armani obituary: designer revolutionised the business of fashionIn the Spotlight ‘King Giorgio’ came from humble beginnings to become a titan of the fashion industry and redefine 20th century clothing
-
Kim Jong Un’s triumph: the rise and rise of North Korea’s dictatorIn the Spotlight North Korean leader has strengthened ties with Russia and China, and recently revealed his ‘respected child’ to the world
-
New York court tosses Trump's $500M fraud fineSpeed Read A divided appeals court threw out a hefty penalty against President Trump for fraudulently inflating his wealth
-
Trump said to seek government stake in IntelSpeed Read The president and Intel CEO Lip-Bu Tan reportedly discussed the proposal at a recent meeting
-
US to take 15% cut of AI chip sales to ChinaSpeed Read Nvidia and AMD will pay the Trump administration 15% of their revenue from selling artificial intelligence chips to China
-
NFL gets ESPN stake in deal with DisneySpeed Read The deal gives the NFL a 10% stake in Disney's ESPN sports empire and gives ESPN ownership of NFL Network
-
Samsung to make Tesla chips in $16.5B dealSpeed Read Tesla has signed a deal to get its next-generation chips from Samsung
-
FCC greenlights $8B Paramount-Skydance mergerSpeed Read The Federal Communications Commission will allow Paramount to merge with the Hollywood studio Skydance
-
Tesla reports plummeting profitsSpeed Read The company may soon face more problems with the expiration of federal electric vehicle tax credits
-
Dollar faces historic slump as stocks hit new highSpeed Read While stocks have recovered post-Trump tariffs, the dollar has weakened more than 10% this year
