Everything in 2020 Was Groundbreaking, the SolarWinds Cyberattack Was No Different!


The year 2020 has been a peculiar year, no doubt, but it would have been too boring without a cyberattack to end it with a bang, or so some hackers thought.

No stone was left unturned: a long list of US organizations, including the Treasury, Homeland Security, the State Department, Commerce, and even the Pentagon, were not spared from a highly sophisticated digital spying operation suspected to be of Russian origin.

SolarWinds reported on Monday that no fewer than 18,000 of its customers may have been affected in a massive and sophisticated data breach that is still under investigation. Based on preliminary reports from FireEye, which was also coincidentally breached, SolarWinds' Orion network monitoring product was hacked and its tools manipulated to deliver Trojan horses in a highly distributed manner.

Reports revealed that the hackers gained entry into their victims' systems through what has now been described as a "supply chain" attack, i.e., one that takes advantage of routine software patches sent to high-value clients.

The hackers first targeted the Orion software, corrupting the software updates delivered to all systems using it while those updates still carried genuine digital signatures. They then stole some cyberattack tools from FireEye that were still in research, which was how the whole operation was discovered.

The compromised patches then created a backdoor that let these hackers delete, view, or modify files and also steal credentials to further cover their tracks.

Many have been advised to update their software or do away with Orion tools for the time being while the issue is investigated. In what seems to be the first of its kind, the attackers managed to bypass multi-factor authentication.

The most mind-blowing aspect of it is that the malware has been in distribution since March this year and was only recently discovered by FireEye.

The US Cybersecurity and Infrastructure Security Agency is still trying to unravel the extent of the attack and the extent of the vulnerability. Given its covertness and time frame, this attack has to be one of the most extensive of all time.