A powerful cybersecurity attack has been underway against the United States for several days, prompting a significant government response, according to the CISA, FBI, and ODNI.
As a result of this cyber-attacks potential to exploit government and private companies’ data, the agencies have formed a Cyber Unified Coordination Group (UCG) to respond to the incident. Currently, the cyber-attack scope is not known but has affected systems within the federal government and likely extends far beyond those systems.
The origin of the cybersecurity issue is believed to stem from a hack of the SolarWinds Orion software. SolarWinds Orion is a complete I.T. SaaS system, integrating several aspects of a business or entity’s data into a single platform. The SolarWinds system is utilized at the federal government level and over 400 different Fortune 500 companies.
It has been reported that the hacking malware was put into place earlier in the year. Experts believe that the timeline places the origin as early as March. The hackers uploaded malware into the SolarWinds Orion software system’s update files and were then released to the users that downloaded the program. Still, it is unknown how many systems throughout the U.S. have been affected by this hacking effort.
Furthermore, the APT (Advanced Persistent Threat) actors will continue to pose a threat to the infected systems and potentially others as well. It is believed that the SolarWinds Orion software malware program was only one way in which the hackers were able to exploit vulnerabilities in such system.
The sophistication of the attacks and the patience that the hackers used in infiltrating the systems are a great source of worry within the intelligence communities. It suggests that the party or parties involved in the hack are well-funded and well-trained.
Officially, the U.S. government has not named any specific suspects into the breach, and it is not likely that information will come to light until the UCG is certain. The government has not yet made public the types of information that were targeted during the hack. It is believed that the malware provided the hackers with the ability to gain just about any access they wanted.
“CISA is engaging with our public and private stakeholders across the critical infrastructure community to ensure they understand their exposure and are taking steps to identify and mitigate any compromises,” according to a statement released by CISA.
Presently, the members of the UCG are working to generate and follow leads on the origin of the attack while educating the victims of the attack on how to re-secure their systems following the security breach. For those that have been affected, it is essential to seek remediation for their systems.
The UCG is also asking that people be on the lookout for other apparent suspicious system behavior since other software providers may have been hacked simultaneously as SolarWinds Orion.
If you think you may have a security breach in your systems, or you'd like the peace of mind that you're protected, we can perform a network assessment for you, click below.