Hackers used obscure Texas IT vendor to attack US agencies – tech2.org

At the epicenter of the most sweeping cyber-attack in recent memory is a two-decade-old, Austin, Texas-based software maker called SolarWinds Corp., which, while barely known outside geeky tech circles, counts every branch of the US military and four-fifths of the Fortune 500 on its client list.

Many of those customers were exposed to the attack when suspected Russian hackers inserted a vulnerability into a popular SolarWinds software product, one designed to give users a bird’s-eye view of the web of applications that keeps their operations humming.

In a filing with the US Securities and Exchange Commission on Monday, SolarWinds said it believed its monitoring products could have been used to compromise more than 18,000 of its customers’ servers. Those customers include government agencies around the world and some of the largest corporations in the world.

The company has been “made aware of a cyber attack that inserted a vulnerability within its Orion monitoring products which, if present and active, could possibly allow an attacker to compromise the server on which the Orion products run,” according to the filing. “SolarWinds has been advised that this incident was likely the result of a highly sophisticated, targeted and manual supply chain attack by an outside nation state.”

SolarWinds shares fell 17% on Monday and closed at $19.62. The company said it has sent mitigation steps to the relevant customers and is providing an additional “hotfix” update on December 15.

APT 29, a hacking group linked to the Russian government, is suspected to be behind the breach. The Commerce Department was breached, as were the Departments of Homeland Security and Treasury, Reuters reported.

The global hacking campaign also included a December 8 cyber-attack on the cybersecurity firm FireEye Inc.

The Russian embassy has denied any involvement in the hack, stating that Russia “does not conduct offensive operations in the cyber domain.”

Governments and companies are now racing to determine how such a security disaster occurred, and how an obscure company founded by two brothers in the 1990s now appears to be at the heart of a potentially major Russian intelligence coup.

According to its website, SolarWinds has over 300,000 customers. Outside the US, SolarWinds has won contracts with the UK National Health Service, the European Parliament and NATO, the website says.

According to a January article on the company’s website, the company was founded in Tulsa more than two decades ago by brothers David Yonce and Donald Yonce after hearing from friends. The article said: “We were all part of the same discussions in technology. ‘Why can’t someone just build tool X?’ The difference was that they decided to do something about it.”

SolarWinds provides network monitoring for government agencies and private-sector companies, marketing itself on its LinkedIn page as “Everybody IT”. SolarWinds has taken down the webpage that described its US government and private-sector customers.

Its Orion product is a powerful and important monitoring tool that lets computer system administrators see the state of a company’s or organization’s network at a glance. Because Orion reports on the entire network, it also has access to sensitive parts of that network.

“It gives you visibility over your entire network and allows you to respond quickly when a server or router is down,” said Obsidian Security Chief Technology Officer Ben Johnson. “But if you are trying to do global monitoring of systems and traffic, that is very trusted access.”

SolarWinds is the number three maker of IT operations software, behind Splunk Inc. and International Business Machines Corp., according to data provided by Gartner Inc. SolarWinds’ other main competitors are the household names Cisco Systems Inc. and Microsoft.

According to blog posts from FireEye and Microsoft Corp., the hackers got into the Orion update system and introduced malicious code disguised as legitimate Orion updates. The malicious code was present in updates released between March and June. According to FireEye, the hacking tool embedded within the update also stored stolen data within the Orion software itself. The result is that the hackers could spy on a company’s network while appearing as legitimate traffic.

As of mid-day on Monday, the malicious update was still available for download on SolarWinds’ website, according to Karim Hijazi, founder and chief executive of the Maryland-based cybersecurity firm Prevailion Inc. Hijazi said his team compared the available download against the indicators identifying the tampered updates, and it was an exact match.

This appears to contradict the statement the company made earlier in the day that Orion products downloaded after June did not contain the vulnerability. When asked about the continued availability of the malicious file, SolarWinds denied the claim and referred the Bloomberg reporter back to the company’s SEC statement. After the email exchange, the web page hosting the malicious software update was taken down, Prevailion said. It now reads, “Not found.”

The number of victims is likely to climb as companies and the government comb through their computer systems for signs of the hackers.

According to FireEye, “victims have included government, consulting, technology, telecommunications and civic bodies in North America, Europe, Asia and the Middle East.” It added: “We expect that there are additional victims in other countries and verticals.”

The breadth of the damage from the hacking campaign is still unknown. The Russian hackers prioritized the most valuable intelligence targets first, meaning they did not have time to penetrate every SolarWinds customer. “Once you know, that is when you start pulling everything out,” Johnson said. “It’s going to be a crazy week.”

© Copyright 2020 Bloomberg News. All rights reserved.
