The cyberattack on SolarWinds was the brainchild of a group from China, said Microsoft. Its team detected a zero-day remote code execution exploit being used to attack SolarWinds software, and has linked the activity to DEV-0322, a group operating out of China. Hackers installed malware in the Orion software and hacked at least 250 federal agencies and top firms in the US after exploiting the CVE-2021-35211 vulnerability.
Russian group ‘Nobelium’, which was behind the SolarWinds attack and which Microsoft recently warned about, has now targeted 150 firms, including government organisations and NGOs. The victims are in 24 countries, and 25% were involved in international development, humanitarian and human rights work. Nobelium used Constant Contact to distribute fake emails disguised as authentic ones, containing a link which, when clicked, installs a virus on the device.
Microsoft, which late last year identified the group behind the SolarWinds cyberattack, has issued a warning saying the group is now targeting government agencies, think tanks, consultants and NGOs. Nobelium, the Russian-origin actor behind the 2020 SolarWinds attack, launched an attack this week on USAID. A new wave of attacks targeted 3,000 email IDs across 150+ organisations. The US and Britain have blamed the Russian intelligence agency SVR, which they say was attempting to gather intelligence.
SolarWinds hackers gained access to the email accounts of the Trump administration’s head of the Department of Homeland Security, the department responsible for countering threats emanating from foreign soil, and of other key members, news agency AP said. The intelligence value of the hack is not yet known. The hack, however, raises serious questions about the US government’s ability to protect individuals, firms and institutions if it cannot protect itself.
Security experts and the office of U.S. Senator Ron Wyden said Microsoft’s failure to fix a known vulnerability in its cloud software made it easy for the SolarWinds hackers to target the nine federal agencies and 100 other firms. The vulnerability, known since 2017, allowed hackers to fake the identity of authorized employees to gain access to customers’ cloud services, and was one of the techniques used in the SolarWinds hack.
At the US Senate panel, executives from SolarWinds, Microsoft, FireEye and CrowdStrike defended their actions in breaches blamed on Russian hackers and, in testimony, sought to shift responsibility elsewhere. The executives called for transparency and information-sharing about breaches, and asked for protections and a system that does not punish those who come forward. The hack targeted about 100 US firms and nine federal agencies.
With clients investing heavily in network defences after the sophisticated cyberattack by suspected Russian hackers exposed vulnerabilities in software supply chains, Palo Alto Networks reported its first $1 bn quarter of revenue. Sales rose 25% to $1.02 bn, according to Bloomberg, the biggest year-on-year increase in seven quarters. Over 18,000 SolarWinds clients were exposed to Russian malware in the recent past.
The SolarWinds hackers gained access to Microsoft’s secret source code for authenticating customers, potentially aiding one of their main attack methods. Microsoft reported that the hackers studied and copied source code for its Azure cloud programs related to identity and security and for its Exchange email programs, which would allow them to hunt for security vulnerabilities, create copies with new flaws, or examine the logic for ways to exploit customer installations.
About nine federal agencies and 100 private sector companies were targeted by the SolarWinds hackers, who are assumed to be of “Russian origin”, said Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology. Hackers installed malware in the Orion software sold by the IT management company SolarWinds. Tech giants like Intel, Cisco, VMware and Nvidia were also affected by the SolarWinds hack.