LONDON (Reuters) – Suspected Russian hackers accessed an American Internet provider and a county government’s systems in Arizona as part of a cyber-espionage campaign revealed this week, according to an analysis of publicly available web records.
The hack, which hijacked ubiquitous network management software made by SolarWinds Corp. to break into US government agencies and was first reported by Reuters, is one of the largest ever uncovered and has sent security teams around the world scrambling to contain the damage.
The network intrusions at Cox Communications and the local government in Pima County, Arizona, show that the hackers also spied on lower-profile organizations, alongside higher-profile victims including the US Department of Defense, the State Department and Homeland Security.
A spokesperson for Cox Communications said the company was working “around the clock” with the help of external security experts to investigate any consequences of the SolarWinds security compromise. “Safety is the top priority for the services we provide,” he said.
In comments sent to Reuters, Pima County Chief Information Officer Dan Hunt said his team followed the US government’s advice to take the SolarWinds software offline immediately after the hack was discovered. He said investigators had found no evidence of any further breach.
Reuters identified the victims by running a decoding script released on Friday by researchers at Kaspersky, a Moscow-based cybersecurity firm, to decode online web records left behind by the attackers.
Kaspersky researcher Igor Kuznetsov said the web record, known as a CNAME, contains an encoded unique identifier for each victim and shows which of the thousands of “backdoors” available to the hackers had been activated.
“Most of the time these are sleeping backdoors,” he said. “But this is when the real hack starts.”
CNAME records relating to Cox Communications and Pima County were included in a list of technical information published by the US cybersecurity firm FireEye Inc., the first victim to discover and disclose the hack.
John Bambenek, a security researcher and president of Bambenek Consulting, said he had also used Kaspersky’s tool to decode the CNAME records published by FireEye and found that they were linked to Cox Communications and Pima County.
The records show that the backdoors at Cox Communications and in Pima County became active in June and July of this year, the peak of the hacking activity identified so far by investigators.
It is unclear what, if any, information was compromised.
SolarWinds, which on Monday disclosed its unwitting role at the center of the global hack, has said that 18,000 users of its Orion software downloaded a compromised update containing malicious code planted by the attackers.
As the fallout continued to spread through Washington, with confirmation on Thursday of a breach at the US Department of Energy, US officials warned that the hackers had also used other attack methods and urged organizations not to assume they were safe just because they were not running recent versions of the SolarWinds software.
Microsoft, which was one of the thousands of companies that received the malicious update, said it had so far notified more than 40 customers whose networks had been infiltrated by the hackers.
About 30 of those customers were in the United States, the company said, with the remaining victims found in Canada, Mexico, Belgium, Spain, Britain, Israel and the United Arab Emirates. Most were information technology companies, along with some think tanks and government organizations.
“It is certain that the number and location of victims will continue to increase,” Microsoft President Brad Smith said in a blog post.
“The installation of this malware created an opportunity for attackers to pick and choose from among the customers they wanted to attack further, seemingly in a narrow and more focused fashion.”
Reporting by Jack Stubbs; Editing by Chris Sanders and Edward Tobin