The attack was mounted via SolarWinds Orion, in a manual and targeted supply-chain effort.
The U.S. Department of Homeland Security (DHS), plus the Treasury and Commerce departments, have been hacked in an attack related to the FireEye compromise last week, according to reports. In addition, defense contractors and enterprises were caught up in the attack, FireEye said, which was carried out using a supply-chain attack targeting a SolarWinds network-management platform.
The Russian foreign-intelligence service is believed to be the culprit, people familiar with the matter told the Wall Street Journal. “Hundreds of thousands of government and corporate networks” have been opened to potential risk, making it a notable attack that goes far beyond the garden-variety espionage attempt, the sources said.
The Commerce Department has confirmed that its National Telecommunications and Information Administration was hit, while the FBI said that it was “appropriately engaged.” Chris Bing, a Reuters reporter, tweeted out that the DHS has also been confirmed as a victim.
On Dec. 8, FireEye confirmed what CEO Kevin Mandia described as a highly targeted cyberattack. The attacker was able to access certain Red Team assessment tools that the company uses to test its customers’ security.
Mandia said that based on the techniques and sophistication of the attack, he believes state-sponsored actors were behind the hack. The attacker was primarily hunting out data related to certain government customers, according to FireEye. The hack “used a novel combination of techniques not witnessed by us or our partners in the past,” he said.
Now, the Cybersecurity and Infrastructure Security Agency (CISA) said that the cyberattackers were able to infiltrate both FireEye and the government agencies via trojanized updates to SolarWind’s Orion IT monitoring and management software. The updates were pushed out between March and June, meaning that the attack has been going on for months. CISA has instructed all federal civilian agencies to cut off the use of Orion and to check for network compromise.
The attack appears to be possible thanks to a zero-day bug, researchers said.
SolarWinds acknowledged the bug in an advisory over the weekend, saying that exploitation of the issue must be done in a “narrow, extremely targeted, and manually executed attack,” and was likely the work of a nation-state. Users should upgrade to Orion Platform version 2020.2.1 HF 1 to protect themselves, it added.
Full article on https://threatpost.com/dhs-sophisticated-cyberattack-foreign-adversaries/162242/
#USA #DHS #hack #cyberattack #mindyourdata #yokdata #blog