After confirming earlier in December that it had been hacked, cybersecurity firm FireEye immediately investigated how cyber criminals were able to break through the company's defenses. The researchers discovered a vulnerability from SolarWinds Corp, one of its software providers, which allegedly compromised over 25 entities.
According to Newsweek, Mandiant senior vice president and chief technical officer Charles Carmakal said that they investigated 50,000 lines of source code, which led to a "backdoor within SolarWinds." Mandiant is the incident response arm of FireEye. Carmakal said that as soon as they discovered the backdoor, FireEye immediately contacted SolarWinds and law enforcement.
Russian hackers behind the attack
Authorities suspected that the hackers who attacked SolarWinds are part of an elite Russian cybercriminal group. Some people have attributed the attack to APT 29, or Cozy Bear, a state-sponsored Russian group, but FireEye has not yet found sufficient evidence to confirm this. Meanwhile, a Russian official has already denied the country's involvement in the attack.
Additional information about the attack is expected to be revealed in the coming days. National Security Advisor Robert O'Brien cut short his trips to Europe and the Middle East to attend to the hack on U.S. government agencies. Connecticut Senator Richard Blumenthal revealed that a classified briefing on the cyberattack has left him "deeply alarmed, in fact downright scared."
FireEye wrote in a blog post that the recent attack is part of a global cyberattack campaign by a high-level attacker who previously targeted governments, technology, telecom, extractive, and consulting firms in Asia, Europe, North America, and the Middle East. Unfortunately, more victims are expected to come forward in the near future.
Meanwhile, the Department of Commerce has already confirmed that one of its bureaus has been hacked, while Reuters earlier reported the attacks on the Treasury Department and the Department of Homeland Security.
By attacking SolarWinds, the cyber attackers were able to breach U.S. government systems. The hackers compromised the software the victims used before accessing their networks without getting flagged by system security.
This is owned by Tech Times
Written by CJ Robles