20 votes

US Treasury breached by hackers backed by foreign government

2 comments

  1. soks_n_sandals
    (edited)
    The Post says that the SolarWinds update server was breached and delivered compromised updates to government machines to gain access. I'm surprised that the government machines receiving updates aren't more locked down, and that IT isn't verifying the integrity of updates then pushing it out internally.

    Edit: Here's a detailed post from FireEye about the attack. I skimmed it and hope to read it all in the morning. Regarding my initial impressions: this was a sophisticated attack and I know good IT practices can only go so far. Even FireEye was impacted by the SolarWinds attack, and I'm sure countless others...

    Edit 2: In the detailed write-up, it is clearly stated:

    Authorized system administrators fetch and install updates to SolarWinds Orion via packages distributed by SolarWinds’s website.

    The threat actors "trojanized" legitimate-looking updates, which were properly digitally signed, and pushed them through the SolarWinds official domains. There were other actions the attackers used to hide their tracks. It's quite an attack.

    9 votes
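The point in the comment above, that a properly signed update can still be trojanized, is worth seeing in code. The following is an added illustration and not code from the thread, from FireEye or from SolarWinds: a vendor builds and then signs a package, an attacker with access to the build pipeline alters the source before the signing step, and the customer's signature check passes anyway. An HMAC key stands in for a real code-signing certificate, and the "known-good hash" comparison assumes the customer has an independently obtained hash for the release (for example from a reproducible rebuild), which is exactly the out-of-band information most organizations did not have. All keys, sources and names are constructed for the example.

```python
"""
Added illustration: a valid vendor signature on an update proves who signed
the package, not that the build feeding the signer was untampered. Everything
here (keys, source, package format) is constructed for the example.
"""
import hashlib
import hmac

# Stand-in for the vendor's code-signing key. A real vendor would sign with an
# X.509 code-signing certificate; a shared HMAC key plays the same role here
# so the example runs offline (assumption for this example).
VENDOR_SIGNING_KEY = b"constructed-vendor-signing-key"

# Constructed "source" for a fictional update; not real product code.
CLEAN_SOURCE = b"def orion_update():\n    return 'ok'\n"


def vendor_build(source: bytes) -> bytes:
    """Toy build step: the package is the source behind a fixed header."""
    return b"PKG\x00" + source


def vendor_sign(package: bytes) -> bytes:
    """Signing happens AFTER the build, over whatever the build produced."""
    return hmac.new(VENDOR_SIGNING_KEY, package, hashlib.sha256).digest()


def customer_verify_signature(package: bytes, signature: bytes) -> bool:
    """What the usual update check does: was this signed by the vendor?"""
    expected = hmac.new(VENDOR_SIGNING_KEY, package, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def trojanize(source: bytes) -> bytes:
    """Attacker with access to the build pipeline appends code before signing.
    The appended text is a harmless placeholder, not a real backdoor."""
    return source + b"\n# constructed placeholder for injected code\n"


def customer_verify_known_good_hash(package: bytes, known_good_sha256: str) -> bool:
    """Independent check: compare against a hash obtained out of band, e.g.
    from a reproducible rebuild. Assumption: such a value exists."""
    return hashlib.sha256(package).hexdigest() == known_good_sha256


def scenario() -> dict:
    """Run the full sequence and report what each customer-side check sees."""
    # What the package WOULD have hashed to had the build not been tampered with.
    clean_pkg = vendor_build(CLEAN_SOURCE)
    known_good = hashlib.sha256(clean_pkg).hexdigest()

    # Attacker alters the source; the vendor builds and signs it unaware.
    bad_pkg = vendor_build(trojanize(CLEAN_SOURCE))
    bad_sig = vendor_sign(bad_pkg)

    return {
        # Passes: the signature is genuinely the vendor's.
        "signature_valid": customer_verify_signature(bad_pkg, bad_sig),
        # Fails: the package does not match the independently known-good build.
        "known_good_hash_matches": customer_verify_known_good_hash(bad_pkg, known_good),
        # Tampering with the signed bytes afterwards is what signatures DO catch.
        "modified_after_signing_valid": customer_verify_signature(bad_pkg + b"x", bad_sig),
    }


if __name__ == "__main__":
    for check, result in scenario().items():
        print(f"{check}: {result}")
```

The takeaway matches the comment: the signature check is doing its job (it catches modification after signing), but it cannot see upstream of the signer, so integrity verification at the customer only helps if there is a second, independent source of truth for what the package should contain.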
  2. skybrian
    From the article:

    There is concern within the U.S. intelligence community that the hackers who targeted the Treasury Department and the Commerce Department’s National Telecommunications and Information Administration used a similar tool to break into other government agencies, according to three people briefed on the matter. The people did not say which other agencies.

    The hack is so serious it led to a National Security Council meeting at the White House on Saturday, said one of the people familiar with the matter.

    The hack involves the NTIA’s office software, Microsoft’s Office 365. Staff emails at the agency were monitored by the hackers for months, sources said.

    Followup from the Washington Post:

    The scale of the Russian espionage operation is potentially vast and appears to be large, said several individuals familiar with the matter. “This is looking very, very bad,” said one person. SolarWinds is used by more than 300,000 organizations across the world. They include all five branches of the U.S. military, the Pentagon, State Department, Justice Department, NASA, the Executive Office of the President and the National Security Agency, the world’s top electronic spy agency, according to the firm’s website.

    2 votes