
Photographer: Tripplaar Kristoffer / SIPA / AP Photo
At least 200 organizations, including government agencies and companies around the world, have been hacked as part of a Russian cyber attack that inserted malicious code into a widely used software program, said a cybersecurity company and three people familiar with ongoing investigations.
The number of actual hacking victims has been one of many unanswered questions regarding the cyber attack, which used a backdoor in SolarWinds Corp.'s Orion network management software as a base for further attacks.
Up to 18,000 SolarWinds customers received a malicious update that included the backdoor, but the number that were actually hacked, meaning the attackers used the backdoor to get into computer networks, is likely to be much lower.
Recorded Future Inc., a Massachusetts-based cybersecurity company, has identified 198 victims who were hacked using the SolarWinds backdoor, said threat analyst Allan Liska. The three other people said that the investigation so far has shown that the hackers further compromised at least 200 victims, moving within the computer networks or trying to obtain user credentials, what cybersecurity experts call “hands-on-keyboard” activity. The final number could rise from there.
Neither Recorded Future nor the people familiar with the investigation identified the victims. The number is expected to grow as the wider investigation continues. It is not yet known what the hackers' motives were, and it is not clear what they reviewed or stole from the computer networks they hacked into.
Of the approximately 18,000 SolarWinds customers who received the malicious update, more than 1,000 experienced the malicious code connecting to a second-level “command and control” server run by the hackers, giving them the option to move further into the network, according to publicly available data and the three people. Command and control servers are used by hackers to control malicious code once it is inside a target network. Of those more than 1,000, researchers have so far confirmed that at least 200 were further hacked.
The next step would be for the hackers themselves to enter the computer network.
A spokesman for SolarWinds said the company “remains focused on working with customers and experts to share information and work to better understand this issue.”
“It is still early days of the inquiry,” the spokesman said.
Hackers linked to the Russian government have been suspected from the start, and Secretary of State Michael Pompeo gave confirmation on Friday in an interview.
“A huge effort has been made to use third-party software to establish code within U.S. government systems, and it now features systems of private companies and companies and governments across the world too,” Pompeo said in a radio interview. “It was a huge effort, and I think it is now possible to say clearly that the Russians were involved in this activity.”
On Saturday, President Donald Trump denounced the hack on Twitter and suggested that China, not Russia, may be responsible, and the acting chairman of the Senate Intelligence Committee, Marco Rubio, said that it was “increasingly clear that Russian cyber attack was introduced by Russian intelligence in our history.”
The main U.S. cybersecurity agency issued a warning on Thursday saying the hackers posed a “serious threat” to federal, state and local governments, as well as critical infrastructure and the private sector. The U.S. Cybersecurity and Infrastructure Security Agency, or CISA, said the attackers were patient, well-resourced, and “showcased luxury and complex craftsmanship.”
CISA also said it had found evidence of other potential backdoors in addition to the SolarWinds Orion platform, suggesting that there may be entirely different groups of victims that are still unidentified.
Microsoft Corp. said Thursday that 40 of its customers had been hacked, that the attacks were ongoing, and that the number of victims is expected to rise. Among those hit were unnamed cybersecurity companies, government agencies, and government contractors, about 80% of whom are in the U.S.
Cybersecurity company FireEye Inc. was the first victim to report being hacked, on Dec. 8, and said that while investigating its own breach, investigators at the company found the SolarWinds backdoor. Microsoft said it found SolarWinds’ malicious update within its network, but found no evidence of access to “product services or messenger data.”
– Supported by Jordan Robertson