Suspected Russian hacking spree extends beyond original target, US officials admit

The massive hacking campaign disclosed by U.S. officials this week and tentatively attributed to the Russian government extended beyond users of pervasive network software that had been compromised.

The Department of Homeland Security said in a bulletin on Thursday that the spies had used other techniques besides corrupting updates of network management software by SolarWinds, which is used by hundreds of thousands of companies and government agencies.

"The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged," said DHS's Cybersecurity and Infrastructure Security Agency (CISA), referring to "advanced persistent threat" adversaries.

CISA urged investigators not to assume their organizations were safe if they did not use recent versions of the software, while also pointing out that the hackers did not exploit every network they did gain access to.

CISA said it was continuing to investigate the other avenues used by the attackers. So far, the hackers are known to have at least monitored email or other data within the U.S. departments of defence, state, treasury, homeland security and commerce.

As many as 18,000 Orion customers downloaded the updates that contained a back door that let hackers in. Since the campaign was discovered, software companies have cut off communication from those back doors to the computers maintained by the hackers.

Special channels

But the attackers might have installed additional ways of maintaining access in what some have called the biggest hack in a decade.

For that reason, officials said that security teams should communicate through special channels to ensure that their own detection and remediation efforts are not being monitored.

The Department of Justice, FBI and Defence Department, among others, have moved routine communication onto classified networks that are believed not to have been breached, according to a person briefed on the measures.

CISA and private companies including FireEye, which was the first to discover and reveal it had been hacked, have released a series of clues for organizations to look for to see if they have been hit.

Microsoft affected

On Thursday afternoon, Microsoft said it detected a malicious version of software from SolarWinds inside the company but that its investigation so far showed no evidence hackers had used Microsoft systems to attack customers.

"We detected malicious SolarWinds binaries in our environment, which we isolated and removed," a Microsoft spokesperson said, adding that the company had found "no indications that our systems were used to attack others."

However, the attackers have been very careful and have deleted logs of which files they accessed. That makes it hard to know what has been taken.

One person familiar with the hacking spree said the hackers made use of Microsoft cloud offerings while avoiding Microsoft's corporate infrastructure.

Microsoft did not immediately respond to questions about the technique.

Still, a person familiar with the matter said the Department of Homeland Security does not believe Microsoft was a key avenue of fresh infection.

In most networks, the attackers would also have been able to create false data, but so far it appears they were interested only in obtaining real data, people tracking the probes said.

Meanwhile, members of Congress are demanding more information about what may have been taken and how, along with who was behind it. The House homeland security committee and oversight committee announced an investigation Thursday, while senators pressed to learn whether individual tax information was obtained.

The FBI and other agencies have scheduled a classified briefing for members of Congress on Friday.

In a statement, president-elect Joe Biden said he would "elevate cybersecurity as an imperative across the government" and "disrupt and deter our adversaries" from undertaking such major hacks.
