It started with the Treasury Department notification of “a sophisticated hacking group backed by a foreign government stole information from the U.S. Treasury Department and a U.S. agency responsible for deciding policy around the internet & telecommunications.”
Within hours, the federal Cybersecurity and Infrastructure Security Agency (CISA) identified the origin of that massive data breach as a significant risk to government databases and private-sector businesses. The breach was attributed to computer intrusion through SolarWinds Orion:
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) tonight issued Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
The Department of Homeland Security (DHS) also dispatched a warning, and further reporting on the issue pointed out that the intrusion itself took place in May of 2020 and that the malware was constructed to disguise itself within the SolarWinds’ system.
A cybersecurity firm, FireEye, found the intrusion door, identified the source code and tracked it to SolarWinds. FireEye then notified law enforcement and federal agencies, who then began reviewing the breach: