Recently, hackers carried out a massive cyber attack on the US IT company SolarWinds. The hackers were able to attack the clients of SolarWinds due to a vulnerable security system. The attack went undetected for months. Investigators believe that Russian hackers likely carried out the attack. They exploited the system’s vulnerabilities and spied on various top-level US departments like the Department of Homeland Security and the Treasury Department. They also targeted the well-known cybersecurity firm FireEye.
So what exactly happened with SolarWinds?
Here’s what happened with the Texas-based IT firm: the hackers were able to break into the SolarWinds systems. Once they had access, they added malicious code to a software system called “Orion”, which is used by clients of SolarWinds. By the numbers, over 33,000 clients used the Orion software.
If you use any software or application, you will see that it receives updates regularly. Updates are needed to resolve bugs and add features. In March, SolarWinds sent its clients a new update that contained the malicious code. The hackers used that malicious code to access the clients’ systems. Once they had gained entry, they installed more malware to monitor the clients.
Microsoft is another top victim of this cyberattack. While carrying out its investigation, the company found that the hackers had penetrated its systems beyond mere malicious code. Its security response centre says that the hackers “viewed the source code from various source code repositories,” but they couldn’t change the source code.
Microsoft investigates the attack
Microsoft hasn’t named any culprit in this attack, but it says “a very sophisticated nation-state actor” was involved. The US government thinks it was Russia. The attack brought the list of victim organizations and companies to light.
However, Microsoft has reported that it has found no evidence of attackers accessing customer data. It also says that it doesn’t depend on source code to keep data secure, so viewing the source code alone doesn’t compromise clients’ privacy.
After the breach of SolarWinds was exposed, the company removed the list of top-level clients from its website. You can still access the list from Google cache, but the page itself has been deleted. SolarWinds must have taken the step to assure its clients that they are protected from further attacks and bad publicity.
SolarWinds has still not recovered from the attack, which is likely linked to Russia. This particular attack was targeted at government departments and private companies. It was the company’s software “Orion” that was used to infiltrate the victims’ systems. The attackers used software updates to spread the attack.
The company says that a company’s name appearing on the list doesn’t mean it has been targeted. There are over 330,000 customers of SolarWinds. Out of those, only 33,000 use the product “Orion.” Not all of the Orion users were directly affected by the attack, and some 18,000 were direct victims. Many details about the attacks are yet to come out from SolarWinds.
SolarWinds has a client base of top-level multinational corporations and government agencies. It has 425 of the Fortune 500 companies as its clients. The top 10 telecom companies in the United States are also its users. Boeing and Los Alamos National Laboratory are also among its clients.
There has been a rise in the number of security attacks, which puts a question in front of us that begs our attention: are we truly safe? Is our data safe?