Bottom Line Up Front: The Department of Homeland Security (DHS), U.S. Treasury, and U.S. Commerce Department were hacked, in addition to some defense contractors and other companies, in a supply-chain attack targeting the SolarWinds network-management platform. A supply-chain attack is a cyberattack that seeks to damage an organization by targeting less-secure elements in the supply network.
Details: On December 8th, the cybersecurity company FireEye confirmed what its CEO described as a highly targeted cyberattack. Based on the sophistication of the attack, experts at this time believe the attack was state-sponsored and carried out by Russia’s foreign-intelligence service. The Russian embassy in Washington, D.C. called these claims “unfounded attempts of the U.S. media to blame Russia.” The Cybersecurity and Infrastructure Security Agency (CISA) said that the cyberattackers were able to infiltrate both FireEye and the government agencies via trojanized updates to SolarWinds’ Orion IT monitoring and management software. The updates were pushed out between March and June, meaning the attack has been going on for several months. CISA instructed all federal civilian agencies to cut off the use of Orion and to check for network compromise. The exact scope of the attack is still unknown, but according to SolarWinds’ website, the company has more than 300,000 customers around the world, including the Secret Service, the U.S. Post Office, Lockheed Martin, and the National Security Agency (NSA). The former head of CISA, Chris Krebs, said in a statement that any companies using SolarWinds should assume that they have been compromised by this attack.
Even the government isn’t immune from cyberattacks. Always use best practices and multiple layers of security to protect yourself from potentially devastating attacks.