This emerges from a mandatory stock exchange report. In it, SolarWinds also admits that Office 365 accounts were compromised. The security provider Cybereason describes the handling of the incident as the world's largest forensic investigation.
In an official stock exchange announcement, SolarWinds has published further details about the hacker attack that enabled the attacks by allegedly Russian hackers on US government departments and the security vendor FireEye. The software provider also assumes that those behind the attack acted with the support of a nation-state. In addition, the Orion software manipulated by the cyberspies is said to have reached fewer than 18,000 SolarWinds customers.
The company has a total of 300,000 customers. Of these, however, only 33,000 are said to use the Orion platform to monitor and manage their IT environment. Up to 18,000 affected customers installed one of the software versions 2019.4 to 2020.2.1, which the hackers had infected with malware, between March and June 2020.
Nevertheless, all 33,000 users of the Orion software were informed on Sunday. SolarWinds also announced again that it will provide a patch on Tuesday that will remove the malicious code from all customers' systems.
In addition, detailed analyses from Microsoft, FireEye and the US cybersecurity authority CISA have been available to those affected since Sunday, so that they can track down and eliminate a possible infection with the malware known as Sunburst. However, it is still unclear how the hackers managed to break into SolarWinds' systems to add malicious code to the Orion software.
However, SolarWinds also admitted in its announcement that the company's Office 365 accounts had been compromised. It is still being investigated whether customer data was also stolen. SolarWinds did not discover this attack itself - it only became aware of it through Microsoft.
The attack on SolarWinds is likely to be one of the most serious hacker attacks of 2020 - after all, FireEye security tools that were developed to detect vulnerabilities in company networks also fell into the hands of the perpetrators. According to Forbes, US authorities such as Cyber Command, the Department of Defense, the Department of Homeland Security, and the FBI are also customers of SolarWinds. However, it is not known whether these authorities also use the Orion software.
“As early as March, Russian hackers belonging to the Cozy Bear group smuggled malware into the SolarWinds IT management platform and waited months to detonate it. So far we know that the Department of Homeland Security, the US Treasury Department and the US Department of Commerce have been hacked. As do many of the Fortune 500 companies in the world, including many UK companies. What happens when the world's largest forensic investigation continues and affects more than 20,000 companies?” commented Sam Curry, Cybereason's chief security officer. “In general, this is not the time for security professionals to panic. A practical and measured reaction is advisable.”