30 percent of SolarWinds hack victims didn't run the software, CISA head says
The SolarWinds hack is in need of a new name, America's top cybersecurity investigators say.
In late 2020, foreign hackers exploited the widely used SolarWinds software to gain access to hundreds of thousands of federal government computers, as well as private companies' networks. But it turns out that around 30 percent of computers previously thought to be hacked via SolarWinds didn't even run the software, Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, tells The Wall Street Journal.
The idea that SolarWinds was the only avenue for the suspected Russian attack limited its potential victims to the software's relatively small user base. But hackers linked to the attack also seem to have broken into government and private accounts by guessing passwords and exploiting issues in Microsoft's cloud-based Office software used by millions of people, government investigators said. "It is absolutely correct that this campaign should not be thought of as the SolarWinds campaign," Wales told the Journal.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
Cybersecurity company Malwarebytes backed up investigators' findings, saying last week that it faced the same hackers as the SolarWinds attack. But Malwarebytes doesn't even use SolarWinds; rather, the hackers found a loophole in a Microsoft Office 365 account to break in. The revelation made Malwarebytes' CEO Marcin Kleczynski wonder what software is even safe to keep on company computers. "How do I know that Zoom or Slack isn’t next and what do I do?" Kleczynski questioned when talking to the Journal.
Around 18,000 government and private computers are thought to have been compromised in the hack, including networks in the Pentagon, State Department, Justice Department, and other top agencies. President Biden brought up the attack in his first call with Russian President Vladimir Putin.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
Kathryn is a graduate of Syracuse University, with degrees in magazine journalism and information technology, along with hours to earn another degree after working at SU's independent paper The Daily Orange. She's currently recovering from a horse addiction while living in New York City, and likes to share her extremely dry sense of humor on Twitter.
-
Today's political cartoons - December 21, 2024
Cartoons Saturday's cartoons - losing it, pedal to the metal, and more
By The Week US Published
-
Three fun, festive activities to make the magic happen this Christmas Day
Inspire your children to help set the table, stage a pantomime and write thank-you letters this Christmas!
By The Week Junior Published
-
The best books of 2024 to give this Christmas
The Week Recommends From Percival Everett to Rachel Clarke these are the critics' favourite books from 2024
By The Week UK Published
-
Nobody seems surprised Wagner's Prigozhin died under suspicious circumstances
Speed Read
By Peter Weber Published
-
Western mountain climbers allegedly left Pakistani porter to die on K2
Speed Read
By Justin Klawans Published
-
'Circular saw blades' divide controversial Rio Grande buoys installed by Texas governor
Speed Read
By Peter Weber Published
-
Los Angeles city workers stage 1-day walkout over labor conditions
Speed Read
By Justin Klawans Published
-
Mega Millions jackpot climbs to an estimated $1.55 billion
Speed Read
By Catherine Garcia Published
-
Bangladesh dealing with worst dengue fever outbreak on record
Speed Read
By Catherine Garcia Published
-
Glacial outburst flooding in Juneau destroys homes
Speed Read
By Catherine Garcia Published
-
Scotland seeking 'monster hunters' to search for fabled Loch Ness creature
Speed Read
By Justin Klawans Published