That Robert O’Brien, the National Security Adviser, cut short his foreign trip and returned to the American capital, Washington, is a clear indication of the danger of the major hack that affected dozens of governmental and non-governmental institutions and interests two days ago.
The recent hacking operation is widely believed to be one of the most damaging in recent years. However, neither the size of the losses nor the importance of the information that may have been viewed, copied, or corrupted is clear.
The US Agency for Information Security (CISA) sent an urgent directive to all federal institutions to cut off electrical power to all SolarWinds computers as soon as information about the breach emerged, which confirmed the danger of the hack.
The Wall Street Journal reported that the hackers had planted a computer virus on one of the company’s computers, which ran networks among its highly sensitive federal clients.
It is widely believed that hackers affiliated with the Russian government are responsible for infiltrating the computer systems of many American entities, while Russia denies the accusations.
Major Hack: What happened?
Most press reports about the recent attacks point to a security breach inside a program provided by SolarWinds, a monitoring software company headquartered in Austin, Texas.
The company provides services on a large scale to the federal government, including various departments, authorities, and government research institutes. It provides the same services to thousands of major American companies. Among the most important programs that the company provides to these entities is the “Orion” program, which monitors and secures their computer networks.
SolarWinds stated that it has about 300 thousand customers, but confirmed that fewer than 18 thousand customers use the “Orion” program through which the hack took place.
In an interview with the US National Radio, Glenn Gerstell, who worked as a consultant for the National Security Agency from 2015 to 2020, said that what happened is “as if you wake up one morning and suddenly realize that a thief has entered and exited your home continuously over the past six months.”
Gerstell added that the US security services after the hacking incident “should go back and look in every room to see what was stolen, what was touched or copied, or what was left, and of course, this is just a terrifying idea,” noting that the hackers were careful not to leave traces behind.
Major Hack: Targeted parties
According to the information available so far, the list of affected US entities includes the Department of Commerce, the Department of Homeland Security, the Department of Defense (Pentagon), the Treasury, the US Postal Service, the National Institutes of Health, the Secret Service charged with protecting the US President, the Federal Reserve, Lockheed Martin, Military Industries, and the National Security Agency.
The latest breach joins a long list of cyberattacks that Russia is suspected of carrying out, and US intelligence accuses Russia of using hackers and other means to influence the 2016 presidential elections. It is worth noting that US national security agencies have prevented Russia from interfering in this year’s elections.
Major Hack: How big is the hack?
Microsoft is currently working to determine the size and nature of the breach and to reveal the scope of the losses suffered by companies and agencies. Many of the companies affected by the attack perform the same tasks.
Various government agencies are also conducting investigations into the cyber breach, and none of them have yet revealed the details of these investigations.
Major Hack: What is the risk of the hacking process?
Gerstell says that the biggest challenge ahead of us now stems from the fact that “it is not clear what the pirates did after accessing US systems and networks.”
“This is not a question of someone tampering with software to open dams or shut down electrical networks,” he says. “It is not even clear what the attack means, and whether it aims to steal intellectual property and scientific secrets in the same way that China has stolen, for example, everything from patents for solar panels to methods of manufacturing combat aircraft.”
He said a break-in could be a case of espionage from a government trying to understand what its adversary is doing.
What is the position of the parties whose networks have been penetrated?
“We have been informed that this incident was most likely the result of a highly sophisticated and targeted attack by an outside country,” SolarWinds said, “but we have not independently verified the identity of the attacker.”
The company added in a statement that it is cooperating with the FBI, the US intelligence community, and other agencies to investigate the breach: “We have been alerted that the attacker is targeting our emails and other files that we use, all of which fall within the Microsoft Office 365 packages.”
The company confirmed that it is working with Microsoft to determine whether any customer data has been extracted but added that it had not found signs of stolen data so far.
Major Hack: FireEye Corporation
The cybersecurity company stated that a highly sophisticated state-sponsored adversary stole its Red Team tools, which a team specializing in cyber protection uses to test security vulnerabilities in its clients’ computer networks. The client list includes many government agencies.
The company said that it is working with the FBI and Microsoft. Its analysis indicates that this breach is not a self-propagating process, but rather a deliberately executed process that required careful planning and great human interaction.
Major Hack: Microsoft
The company indicated that its experts believe that “what has been done is an activity behind a country on a large scale, targeting both the government and the private sector,” and Microsoft said it is sharing some details about the threats it has witnessed over the past weeks.
Microsoft added that the instructions issued about updating SolarWinds’ software gave the hackers a foothold in their targets’ computer networks, which the attackers could use to obtain various and more important data.
The company indicated that Microsoft’s defense program, known as Defender, can now detect the files used in the hack.
The company praised other companies for being open and transparent in detecting hacking attacks, saying it would help others enhance their security. As for Microsoft itself, the company said it had not yet “found evidence of a successful attack on its own systems.”