SolarWinds appears to have made it easy for the attacker to breach their supply chain. The updated software contained a backdoor that permitted Russian eavesdropping on every computer that contained the Orion software. When customers downloaded legitimate fixes from SolarWinds, they got a Russian wiretap along with it. The server that held the updated software was compromised when Russian hackers found a hole in SolarWinds network security, pivoted to the update server through the network, broke into that server, added a vulnerability to the patch pushed to customers, and recompiled the update to look innocent. To keep the more than 300,000 customers that use Orion on the latest version, SolarWinds would occasionally push out an update that client machines would receive and install. That tool was and remains widely deployed in U.S.
The breach occurred via the Orion IT network management software developed by the Texas company SolarWinds. Sources: ChannelE2E and MSSP Alert.Ĭontinue to page two for earlier timeline dates.To understand why the SolarWinds breach was an act of espionage, and not an act of war, it is worth considering the technical details of the breach. Also, the N-able (formerly SolarWinds MSP) spin-out is on track for Q2, 2021.
SolarWinds Earnings, N-able Spin Out: SolarWinds today announced its first quarterly results since disclosing the Orion security incident in December 2020. 
SolarWinds CEO Sudhakar Ramakrishna, Microsoft President Brad Smith, and FireEye CEO Kevin Mandia are due to address a joint hearing of the House Committees on Oversight and Reform and Homeland Security.
More SolarWinds Breach Hearings: Cybersecurity executives are due to face their second round of Congressional questions today over their companies’ roles in the sprawling series of digital intrusions blamed on the Russian government. Sources: Microsoft, FireEye, March 4, 2021. More Malware: Blogs from Microsoft and FireEye describe more malware that may be tied to the SolarWinds Orion hack. 
See this web page and this guide for details.
Guidance Recap: The CISA issued specific guidance on remediating networks affected by the SolarWinds and Active Directory/Microsoft 365 compromise. Updated CISA Guidance: The CISA has released a table of tactics, techniques, and procedures (TTPs) used by the advanced persistent threat (APT) actor involved with the recent SolarWinds and Active Directory/M365 compromise. Source: Associated Press, March 29, 2021. The accounts were allegedly accessed as part of the SolarWinds Orion hack. Homeland Security Leader: Suspected Russian hackers gained access to email accounts belonging to the Trump administration’s head of the Department of Homeland Security and members of the department’s cybersecurity staff whose jobs included hunting threats from foreign countries. Early Entry?: The SolarWinds hackers were in the software company’s system as early as January 2019, months earlier than previously known, CEO Sudhakar Ramakrishna revealed. Securities and Exchange Commission (SEC) has opened a probe into the SolarWinds Orion cyber breach, focusing on whether some companies failed to disclose that they had been affected by the hack. Attorneys Offices via Microsoft Office 365: As part of the attack, hackers gained access to employees’ Microsoft Office 365 email accounts in 27 U.S. Lawsuit: SolarWinds urged a Texas federal judge to dismiss a lawsuit alleging the software company misled shareholders about its cybersecurity measures ahead of the Orion security brach. SEC Investigation: Dozens of corporate executives are fearful that information from an SEC probe into the SolarWinds hack could expose them to liability. federal agencies emerged with information about counter-intelligence investigations, policy on sanctioning Russian individuals and the country’s response to COVID-19. Spying Allegations: The suspected Russian hackers who used SolarWinds and Microsoft software to burrow into U.S. Read from the bottom up for chronological updates. federal government’s statements about the attack. The timeline below connects the dots between the original SolarWinds Orion hack how FireEye discovered the hacker activity SolarWinds’ response since learning of the attack and the U.S. SolarWinds Orion Hack: SUNBURST Security Incident Timeline
0 kommentar(er)
