A large-scale cyberattack has hit several federal government departments as well as an untold number of private businesses, all of them connected by their use of software from a company called SolarWinds. Several press releases hit the airwaves alerting the American people to a highly technical concern that could place US national security at risk.
“By noon EST today, the CISA will know which US govt agencies were affected by the SolarWinds vulnerability. CISA reporting to the DNI will allow the DNI to give Trump emergency powers as per his 2018EO. The first domino has fallen, and everything is in motion now,” Code Monkey, a source close to attorney Sidney Powell, posted on Twitter about the CISA updates.
According to a press release on Sunday night, “the Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
This is the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015. All agencies operating SolarWinds products should provide a complete reply to CISA by 12pm Eastern Standard Time on Monday, December 14, 2020,” the CISA press release said.
NOTICE DOMINION VOTING SYSTEMS USE SOLARWINDS
ORDER OF OFFICIAL TWEETS
According to FireEye:
“Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
FireEye has uncovered a widespread campaign that we are tracking as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world. They gained access to victims via trojanized updates to SolarWinds’ Orion IT monitoring and management software. This campaign may have begun as early as Spring 2020 and is currently ongoing. Post compromise activity following this supply chain compromise has included lateral movement and data theft. The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security.
SolarWinds.Orion.Core.BusinessLayer.dll is a SolarWinds digitally-signed component of the Orion software framework that contains a backdoor that communicates via HTTP to third party servers. We are tracking the trojanized version of this SolarWinds Orion plug-in as SUNBURST.”
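The FireEye statement names the component that carries the backdoor but not how to look for it. As an added example (not code from the article, FireEye, CISA or SolarWinds), the script below walks a directory tree for SolarWinds.Orion.Core.BusinessLayer.dll, hashes every copy it finds, and flags any copy whose SHA-256 appears in a caller-supplied list of indicator hashes. The IOC list, the file contents and the directory layout in the demo are all constructed placeholders; a real run needs the hash list published by FireEye or CISA. Two caveats a responder should keep in mind: a hash miss does not prove a host is clean (only the builds on the list are caught, and the directive calls for disconnecting Orion regardless), and a hash match on a stale backup copy is still worth recording because it shows a trojanized build was once on the machine.

```python
"""Triage helper for the SolarWinds Orion DLL named in the FireEye advisory.

Added example, not part of the original article or of any vendor tooling.
Finds SolarWinds.Orion.Core.BusinessLayer.dll under a root directory,
hashes each copy, and compares the hash against a caller-supplied IOC set.
The demo's files and IOC hashes are constructed placeholders, not real
SUNBURST samples or published indicators.
"""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, Iterable, Iterator, List, Set

# Component FireEye identified as carrying the SUNBURST backdoor.
TARGET_DLL = "SolarWinds.Orion.Core.BusinessLayer.dll"


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large binaries do not sit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_target_dlls(root: Path, name: str = TARGET_DLL) -> Iterator[Path]:
    """Yield every file under root named like the target DLL.

    NTFS is case-insensitive, so compare names case-insensitively; the
    trojanized DLL was shipped as a signed update, so backups and staging
    folders outside the install directory are searched too.
    """
    wanted = name.lower()
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() == wanted:
                yield Path(dirpath) / fname


def triage(root: Path, ioc_hashes: Iterable[str]) -> List[Dict]:
    """Hash each copy of the target DLL and mark those on the IOC list."""
    known_bad: Set[str] = {h.strip().lower() for h in ioc_hashes}
    results = []
    for dll in find_target_dlls(root):
        digest = sha256_file(dll)
        results.append({
            "path": str(dll),
            "size": dll.stat().st_size,
            "sha256": digest,
            # A miss means only that this copy is not a listed build.
            "matches_ioc": digest in known_bad,
        })
    return results


def demo() -> Dict:
    """Constructed scenario: two copies of the DLL, one on the IOC list."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        install_dir = root / "Program Files" / "SolarWinds" / "Orion"
        backup_dir = root / "Backups" / "orion-old"
        install_dir.mkdir(parents=True)
        backup_dir.mkdir(parents=True)
        # Placeholder contents; real triage hashes the actual binaries.
        (install_dir / TARGET_DLL).write_bytes(b"constructed trojanized build\x00")
        (backup_dir / TARGET_DLL.upper()).write_bytes(b"constructed clean build\x00")
        (install_dir / "SolarWinds.Orion.Other.dll").write_bytes(b"unrelated\x00")
        # Constructed IOC set: the hash of the "bad" copy, nothing else.
        iocs = {sha256_file(install_dir / TARGET_DLL)}
        results = triage(root, iocs)
        return {
            "found": len(results),
            "flagged": sorted(r["path"] for r in results if r["matches_ioc"]),
            "results": results,
        }


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3:
        print(f"usage: {sys.argv[0]} <root_dir> <ioc_sha256_list.txt>")
        print("demo run:", demo())
        sys.exit(0)
    root_dir, ioc_file = Path(sys.argv[1]), Path(sys.argv[2])
    ioc_list = [ln for ln in ioc_file.read_text().splitlines()
                if ln.strip() and not ln.startswith("#")]
    for r in triage(root_dir, ioc_list):
        flag = "MATCHES IOC" if r["matches_ioc"] else "no IOC match"
        print(f"{r['path']}  {r['sha256']}  {r['size']} bytes  {flag}")
```

Run it as `python triage.py "C:\Program Files (x86)\SolarWinds" iocs.txt` with one SHA-256 per line in the IOC file; with no arguments it runs the constructed demo. The file name match is deliberately case-insensitive and the walk is not restricted to the Orion install path, since a second copy in a backup or installer cache is exactly what a hash search on a Windows host is likely to miss otherwise.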
Yahoo News covered FireEye on Dec. 10 and reported it had been hacked by someone it believed was looking for information on “government-related customers”:
“Shares of FireEye FEYE depreciated 13.1% on Wednesday after the company revealed that it has become a victim of a cyberattack. In a Dec. 8 blog post by the company, the company’s CEO Kevin Mandia disclosed that attackers had stolen the “Red Team” tools used by the company’s officials for testing customer security.
FireEye believes the attack was probably carried out by hackers from a foreign adversary, terming it a “highly sophisticated cyber threat actor.” The company couldn’t identify the country it suspects. However, according to various media reports, investigators suspect Russia.
FireEye also revealed that the motive behind this attack isn’t clear yet, but it seems the hackers were targeting the collection of unauthorized information about certain government-related customers. Nonetheless, management claims that customer data is still intact.”
Mandia stated, “The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.”
“FireEye noted that it is working closely with the Federal Bureau of Investigation (FBI) and some of its partners, including Microsoft Corporation MSFT, and conducting an in-depth investigation of the breach. Management also said that it has developed more than 300 countermeasures to safeguard its customers and has published information that can neutralize the stolen tools.
This is not the first time hackers have attacked a cybersecurity company. In 2011, RSA Security revealed a data breach which hackers used to attack one of its customers — Lockheed Martin Corporation LMT. Additionally, Juniper Networks JNPR disclosed a cyber attack in 2015.”