Global security teams assess impact of suspected Russian cyber attack

Reuters

Posted at Dec 14 2020 11:11 PM

LONDON - Global security teams moved on Monday to contain the fallout of a widespread cyberattack by suspected Russian hackers, who have been able to spy on the customers of US information technology company SolarWinds unnoticed for more than eight months.

The US Department of Homeland Security issued an emergency warning on Sunday, ordering users to disconnect and disable SolarWinds software which it said had been compromised by "malicious actors."

The US warning came after Reuters reported that suspected Russian hackers had used hijacked software updates to break into multiple American government agencies, including the Treasury and Commerce departments.

Russia denied having any connection to the attacks.

SolarWinds, which says its customers include most of the United States' Fortune 500 companies, said the attack was conducted "by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack."

But two people familiar with the investigation told Reuters that any organization running an updated version of the company's Orion network management software would have had a "backdoor" installed in their computer systems by the attackers.

"After that, it's just a question of whether the attackers decide to exploit that access further," said one of the sources.

Investigators at Microsoft said in a blog post https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks they had first seen malicious copies of the SolarWinds software deployed by the hackers last March.

In Britain, where publicly-available SolarWinds sales documents show multiple government departments use the company's software, a spokesman for Prime Minister Boris Johnson said investigations were ongoing.

"The National Cyber Security Center is working to assess any UK impact, but we're not aware of any UK-related impact at this time," the spokesman told reporters.

Kremlin spokesman Dmitry Peskov said the allegations reported by Reuters and other media outlets were false.

"If there have been attacks for many months, and the Americans could not do anything about it, it is probably not worth immediately groundlessly blaming the Russians," he said. "We didn't have anything to do with it." 

RELATED VIDEO

Watch more News on iWantTFC