
On Monday, Austin, Texas-based SolarWinds released an update on its attack investigation, reporting that investigators have successfully reverse-engineered code that attackers injected into its software development tools.

"We believe we have found a highly sophisticated and novel malicious code injection source the perpetrators used to insert the Sunburst malicious code into builds of our Orion platform software," SolarWinds CEO Sudhakar Ramakrishna writes in a blog post.

"The software development and build process used by SolarWinds is common throughout the software industry, so we believe that sharing this information openly will help the industry guard against similar attacks in the future and create safer environments for customers."

Numerous Victims

Many cybersecurity experts and government officials, including the U.S. intelligence establishment, have attributed the campaign to a Russian advanced persistent threat group. Some more specifically attribute the hack to Russia's foreign intelligence service, the SVR. On Monday, security firm Kaspersky noted that code in the Sunburst backdoor overlapped with code previously seen in the "Kazuar" backdoor, which security researchers have tied to Russian attackers. Code overlap or reuse, however, is not an attribution smoking gun, because, for example, the code could have been used as a false flag. But experts have said that the SolarWinds supply chain attack has all of the hallmarks of an espionage operation.

Confirmed victims of second-stage attacks include FireEye, Microsoft and up to 10 U.S. government agencies, including the Department of Justice and branches of the Pentagon, as well as the Commerce, Homeland Security, State, Energy and Treasury departments.

Credit for discovering the attack campaign goes to cybersecurity firm FireEye. After the company suffered a breach and the theft of penetration testing tools, its investigators unearthed the wider attack campaign, alerted SolarWinds on Dec.

Outstanding Questions
