Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

How Russian hackers infiltrated the US government for months without being spotted

MIT Technology Review – And why it could take months more to discover how many other governments and companies have been breached – “To carry out the breach, the hackers first broke into the systems of SolarWinds, an American software company. There, they inserted a back door into Orion, one of the company’s products, which organizations use to see and manage vast internal networks of computers. For several weeks beginning in March, any client that updated to the latest version of Orion—digitally signed by SolarWinds, and therefore seemingly legitimate—unwittingly downloaded the compromised software, giving the hackers a way into their systems.  SolarWinds has around 300,000 customers around the world, including most of the Fortune 500 and many governments. In a new filing with the Securities and Exchange Commission, the firm said “fewer than” 18,000 organizations ever downloaded the compromised update. (SolarWinds said it’s not clear yet how many of those systems were actually hacked.) Standard cybersecurity practice is to keep your software up to date—so most SolarWinds customers, ironically, were protected because they had failed to heed that advice. The hackers were “extremely clever and strategic,” says Greg Touhill, a former federal chief information security officer. Even once they had gained access through the back door in Orion, known as Sunburst, they moved slowly and deliberately. Instead of infiltrating many systems at once, which could easily have raised suspicions, they focused on a small set of selected targets, according to a report from the security firm FireEye…”

Sorry, comments are closed for this post.