AGL 38.02 Increased By ▲ 0.08 (0.21%)
AIRLINK 197.36 Increased By ▲ 3.45 (1.78%)
BOP 9.54 Increased By ▲ 0.22 (2.36%)
CNERGY 5.91 Increased By ▲ 0.07 (1.2%)
DCL 8.82 Increased By ▲ 0.14 (1.61%)
DFML 35.74 Decreased By ▼ -0.72 (-1.97%)
DGKC 96.86 Increased By ▲ 4.32 (4.67%)
FCCL 35.25 Increased By ▲ 1.28 (3.77%)
FFBL 88.94 Increased By ▲ 6.64 (8.07%)
FFL 13.17 Increased By ▲ 0.42 (3.29%)
HUBC 127.55 Increased By ▲ 6.94 (5.75%)
HUMNL 13.50 Decreased By ▼ -0.10 (-0.74%)
KEL 5.32 Increased By ▲ 0.10 (1.92%)
KOSM 7.00 Increased By ▲ 0.48 (7.36%)
MLCF 44.70 Increased By ▲ 2.59 (6.15%)
NBP 61.42 Increased By ▲ 1.61 (2.69%)
OGDC 214.67 Increased By ▲ 3.50 (1.66%)
PAEL 38.79 Increased By ▲ 1.21 (3.22%)
PIBTL 8.25 Increased By ▲ 0.18 (2.23%)
PPL 193.08 Increased By ▲ 2.76 (1.45%)
PRL 38.66 Increased By ▲ 0.49 (1.28%)
PTC 25.80 Increased By ▲ 2.35 (10.02%)
SEARL 103.60 Increased By ▲ 5.66 (5.78%)
TELE 8.30 Increased By ▲ 0.08 (0.97%)
TOMCL 35.00 Decreased By ▼ -0.03 (-0.09%)
TPLP 13.30 Decreased By ▼ -0.25 (-1.85%)
TREET 22.16 Decreased By ▼ -0.57 (-2.51%)
TRG 55.59 Increased By ▲ 2.72 (5.14%)
UNITY 32.97 Increased By ▲ 0.01 (0.03%)
WTL 1.60 Increased By ▲ 0.08 (5.26%)
BR100 11,727 Increased By 342.7 (3.01%)
BR30 36,377 Increased By 1165.1 (3.31%)
KSE100 109,513 Increased By 3238.2 (3.05%)
KSE30 34,513 Increased By 1160.1 (3.48%)
World

US Homeland Security, thousands of businesses scramble after suspected Russian hack

  • Because the attackers could use SolarWinds to get inside a network and then create a new backdoor, merely disconnecting the network management program is not enough to boot the hackers out, experts said.
Published December 15, 2020

LONDON/WASHINGTON: The US Department of Homeland Security and thousands of businesses scrambled Monday to investigate and respond to a sweeping hacking campaign that officials suspect was directed by the Russian government.

Emails sent by officials at DHS, which oversees border security and defense against hacking, were monitored by the hackers as part of the sophisticated series of breaches, three people familiar with the matter told Reuters Monday.

The attacks, first revealed Sunday, also hit the US departments of Treasury and Commerce.

Technology company SolarWinds, which was the key steppingstone used by the hackers, said up to 18,000 of its customers had downloaded a compromised software update that allowed hackers to spy unnoticed on businesses and agencies for almost nine months.

The United States issued an emergency warning on Sunday, ordering government users to disconnect SolarWinds software which it said had been compromised by "malicious actors."

That warning came after Reuters reported suspected Russian hackers had used hijacked SolarWinds software updates to break into multiple American government agencies, including the Treasury and Commerce departments. Moscow denied having any connection to the attacks.

One of the people familiar with the hacking campaign said the critical network that DHS' cybersecurity division uses to protect infrastructure, including the recent elections, had not been breached.

DHS said it was aware of the reports, without directly confirming them or saying how badly it was affected.

DHS is a massive bureaucracy among other things responsible for securing the distribution of the COVID-19 vaccine.

The cybersecurity unit there, known as CISA, has been upended by President Donald Trump's firing of head Chris Krebs after Krebs called the presidential election the most secure in American history. His deputy and the elections chief have also left.

The Pentagon said on Monday it is aware of the reports but was not able to comment on "specific mitigation measures or specify systems that may have been impacted."

The National Security Agency and Joint Force Headquarters Commanders issued guidance and directives to protect DoD networks and IT systems.

SolarWinds said in a regulatory disclosure it believed the attack was the work of an "outside nation state" that inserted malicious code into updates of its Orion network management software issued between March and June this year.

"SolarWinds currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000," it said.

The company did not respond to requests for comment about the exact number of compromised customers or the extent of any breaches at those organisations.

It said it was not aware of vulnerabilities in any of its other products and it was now investigating with help from US law enforcement and outside cybersecurity experts.

SolarWinds boasts 300,000 customers globally, including the majority of the United States' Fortune 500 companies and some of the most sensitive parts of the US and British governments - such as the White House, defence departments and both countries' signals intelligence agencies.

Investigators around the world are now scrambling to find out who was hit.

A British government spokesman said the United Kingdom was not currently aware of any impact from the hack but was still investigating.

Three people familiar with the investigation into the hack told Reuters that any organisation running a compromised version of the Orion software would have had a "backdoor" installed in their computer systems by the attackers.

"After that, it's just a question of whether the attackers decide to exploit that access further," said one of the sources.

Early indications suggest that the hackers were discriminating about who they chose to break into, according to two people familiar with the wave of corporate cybersecurity investigations being launched Monday morning.

"What we see is far fewer than all the possibilities," said one person. "They are using this like a scalpel."

FireEye, a prominent cybersecurity company that was breached in connection with the incident, said in a blog post that other targets included "government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East."

Because the attackers could use SolarWinds to get inside a network and then create a new backdoor, merely disconnecting the network management program is not enough to boot the hackers out, experts said.

For that reason, thousands of customers are looking for signs of the hackers' presence and trying to hunt down and disable those extra tools.

Comments

Comments are closed.