Cyber attack in US: around 50 firms suffered the security breach.
Recently US discovered a massive cyber attack in US government and named it Solar wind cyber attack. Reports says it has emerged as one of the biggest cyber attack on US government, its agencies, and several other private companies. And this attack is discovered by US cyber security company FireEye.
when it is discovered?
News of the cyber attack in US is given by FirEye on their blog post on December 8, 2020. FireEye security firm provide IT security services to private big companies and federal government agencies.
FireEye CEO Kevin Mandia wrote in a blogpost saying that “Solar Wind company was attacked by a highly sophisticated threat actor”. Also CEO Kevin calling this attack “a state sponsored cyber attack in US”.Although he did not named Russia behind this attack.
It also said that this attack was carried out by a nation ” with top tier offensive capabilities” because a normal attacker can’t carry out this level of cyber attack in US. and the attacker tried to steal the information related to certain government customers.
It is also said that methods used by the attackers were novel. means this type of attack is never carried out in history.
Then on December 13, 2020. FireEye said Cyberattack, which it named Campaign UNC2452, was not limited to the company SolarWinds but had affected various public and private sector organisations around the world.
The attacking campaign likely began in March 2020 and has been ongoing for months, the post said. and the extend of data stolen by the attackers is till unknown.
How this cyber attack in US is being carried out?
The method of attack used by the attackers is called Supply chain attack. Instead of directly attacking the federal government or private organisation’s network.
The attackers attacked Third party vendor who supplies software to government agencies and big private companies and that is why it is being called supply chain attack.
In this case, the target was an IT management software called Orion, supplied by the Texas based company Solar Winds. This Orion software is used by almost 33000 companies.
Solar Winds says 18000, of its clients have been impacted. The list included 425 companies in fortune 500, the top 10 telecom operators in the US.
The Pentagon , centers for Disease control and prevention, the State department, the Justice department, and others were all impacted.
How did hackers gained access?
According to FireEye hackers gained access into their network via Trojanized updates to Solar Winds’ Orion IT monitoring and management software.
Basically a software update with Sanburst Malware is given by the hackers to the Orion software users. and more than 17000 users updated through that Trojanized update.
Sanburst Malware is capable of accessing the files system. Once this malware installed, the malware gave a backdoor entry to the hackers to the systems and network of Solarwinds’ customers. Even security tools and antiviruses cant detect this malware.
what the US government said, and how Russia is involved?
The New York TImes openion article, named Russia and its agency SVR, which has the capability to execute this level of attack.
The FBI, CISA and director of national intelligence announced Cyber unified Coordination Group (UCG) who will coordinate with each other and tackle with the crisis. Although white House and Donald trump have been silent over the cyber attack in US.
However president elect Joe Biden said we need to give more strength to our IT security systems so that in future no such attack can be carried out in future.
TroboSuggests: Always check the authenticity of the update or new software before downloading. make sure you are downloading it from the official website.
Thanks for reading my blog, stay tuned and stay updated and dont forget to share this info with your friends and family.