Cyberstat still surprised us using solar wind vulnerability

Cyberstat still surprised us using solar wind vulnerability

Governments and companies around the world are still trying to find out the damage done by the intruders, which popped up in the computer network three weeks ago after a widespread cyber attack was discovered by a suspected nation-state.

National Security Advisor Jake Sullivan, who is coming for the presidential election, told CNN on Sunday that Russia's SVR intelligence service is suspected by the attack - the new administration's top priority.

"Three weeks after this breach was disclosed by FireEEE, there is still much to be done, about which we are not aware. Sullivan said how far and how far the intent of the attackers extends and indeed the result. what will happen." The President-Elect has said that he will incur substantial costs for such attacks ... Besides, we are going to enhance our capabilities by giving people space, equipment in collaboration with the private sector. We can more effectively detect, prevent and respond to these attacks in the future. "

Meanwhile, the New York Times reported on 2 January that US officials were still trying to understand whether the attack was of espionage or to reach government agencies, major corporations, power grids and laboratories and develop new generations and transport. Had to do. nuclear weapon.

Experts now suspect that 250 organizations, including governments, as well as Microsoft and Amazon, were dissolved.

"The attack has raised alarm about the vulnerability of government and private sector networks in the United States and has raised questions about how and why the nation's cyber defense failed so spectacularly," the article reads. It has been written in the article. "Those questions receive particular attention that the breach has not been detected by any government agency that shares responsibility for cyber defense - operated by the Army's Cyber ​​Command and National Security Agency, both General Nakasone and the Department Are. Of Homeland Security. - but by FireEye, a private cyber security company. "

Senator Mark Warner, a Democrat from Virginia and a ranking member of the Senate Intelligence Committee, was quoted as saying "It sounds too much, I'm much worse than before." Its size keeps on expanding. It is clear that the United States government missed it. And if FireEye had not come forward, I am not sure that we would be fully aware of it by today. "

After first revealing that it had been the victim of a cyber attack, FireEye then discovered that the vehicle through which it was breached was an infected update to the SolarWinds Orion Network Management Suite, leading to the revelation. Is that a sophisticated attacker used Orion. And many tools to obtain in many government and private sector systems.

Microsoft has acknowledged that an employee account was used to view source code in multiple source code repositories. No code or engineering system was allowed to modify the account, and the company has confirmed that no changes were made. The blog looked at the source code within Microsoft, stating, "This means that we don't rely on the confidentiality of the source code to protect the products, and our threat model attackers have knowledge of the source code. So the source code Looking at. Is not tied to the height of the risk. "

However, tech news site BGR argues that looking at the source code can also threaten an actor about how to craft a new attack against an application.

The Times story also states that some compromised solar wind software was engineered in Eastern Europe. As a result, US investigators are looking into whether the solar wind has been breached where Russian intelligence is active.