30% of “SolarWinds” victims were not actually using SolarWinds software, the FBI said

The U.S. Department of Homeland Security building seen in Washington, DC.
Photo: Alastair Pike / AFP (Getty Images)

The hacker group behind the ongoing SolarWinds scandal found other ways to infiltrate American companies and government agencies than just compromising the software company that gave the campaign its name. In fact, nearly a third of the hack’s victims, about 30%, had no connection at all with SolarWinds, a senior federal security official said this week.

Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency (CISA), told the Wall Street Journal that the hackers “gained access to their targets in various ways” and that it is “absolutely correct that this campaign should not be viewed as the SolarWinds campaign.”

The cybersecurity scandal, which has proven to be the largest in US history, unfortunately became known as “SolarWinds” after hackers used trojanized software to infiltrate the company and its customers through its popular Orion product, an IT management tool widely used by government agencies.

But, as previously reported, the hackers appear to have used many strategies to get into US entities, not just the Orion compromise. These included taking advantage of improperly secured administrator credentials, password spraying and even, apparently, simply guessing passwords. They also compromised other companies outside the SolarWinds supply chain, such as Microsoft, FireEye and Malwarebytes, and appear to have used Microsoft’s cloud-based Office software to access certain government agencies.
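The paragraph above lists password spraying and guessed passwords among the intrusion methods, and the practical lesson for defenders is that a spray looks nothing like a brute-force attack on a single account: each account sees only one or two failures, so per-account lockout counters never trip. The following is an added example, not code from the article or from any of the organizations it mentions; the log line format, the sample lines and the thresholds are constructed for illustration. It separates the two patterns by source address and also reports any successful login from a source that was spraying, which is the event an analyst most wants to see.

```python
"""Password-spray versus brute-force detection over authentication logs.

Added example, not from the article. The log format below is constructed:
    <ISO timestamp> <FAIL|OK> user=<account> src=<ip>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one spraying source (203.0.113.7) that eventually
# succeeds, one classic brute-force source (198.51.100.9), and benign noise.
SAMPLE_LOG = """\
2021-01-25T09:00:01 FAIL user=alice src=203.0.113.7
2021-01-25T09:00:03 FAIL user=bob src=203.0.113.7
2021-01-25T09:00:05 FAIL user=carol src=203.0.113.7
2021-01-25T09:00:07 FAIL user=dave src=203.0.113.7
2021-01-25T09:00:09 FAIL user=erin src=203.0.113.7
2021-01-25T09:00:11 OK user=frank src=203.0.113.7
2021-01-25T09:01:00 FAIL user=alice src=198.51.100.9
2021-01-25T09:01:02 FAIL user=alice src=198.51.100.9
2021-01-25T09:01:04 FAIL user=alice src=198.51.100.9
2021-01-25T09:01:06 FAIL user=alice src=198.51.100.9
2021-01-25T09:01:08 FAIL user=alice src=198.51.100.9
2021-01-25T09:05:00 FAIL user=grace src=192.0.2.44
2021-01-25T10:30:00 OK user=grace src=192.0.2.44
"""


def parse_line(line):
    """Parse one constructed log line into a dict with a real datetime."""
    ts, result, user_kv, src_kv = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "result": result,
        "user": user_kv[len("user="):],
        "src": src_kv[len("src="):],
    }


def _failures_by_source(log_text):
    """Group failed logins by source IP, each list sorted by time."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            if ev["result"] == "FAIL":
                by_src[ev["src"]].append(ev)
    for fails in by_src.values():
        fails.sort(key=lambda e: e["ts"])
    return by_src


def detect_password_spray(log_text, window=timedelta(minutes=10),
                          min_accounts=5, max_per_account=2):
    """Flag sources that fail against many accounts, few tries each, in a window.

    Returns {src_ip: sorted list of sprayed accounts}. The low per-account cap
    is what distinguishes a spray from brute force and is exactly why
    per-account lockout thresholds do not catch it.
    """
    flagged = {}
    for src, fails in _failures_by_source(log_text).items():
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it fits within `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            per_account = defaultdict(int)
            for ev in fails[start:end + 1]:
                per_account[ev["user"]] += 1
            if (len(per_account) >= min_accounts
                    and max(per_account.values()) <= max_per_account):
                flagged[src] = sorted(per_account)
                break
    return flagged


def detect_brute_force(log_text, min_failures=5):
    """Flag (source, account) pairs with many failures against one account.

    Returns {src_ip: sorted list of targeted accounts}.
    """
    flagged = defaultdict(list)
    for src, fails in _failures_by_source(log_text).items():
        per_account = defaultdict(int)
        for ev in fails:
            per_account[ev["user"]] += 1
        for user, count in per_account.items():
            if count >= min_failures:
                flagged[src].append(user)
    return {src: sorted(users) for src, users in flagged.items()}


def successes_from_spraying_sources(log_text, **spray_kwargs):
    """Accounts that logged in successfully from a source flagged as spraying.

    Returns {src_ip: sorted list of accounts}; these are the likely compromises.
    """
    sprayers = detect_password_spray(log_text, **spray_kwargs)
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            if ev["result"] == "OK" and ev["src"] in sprayers:
                hits[ev["src"]].add(ev["user"])
    return {src: sorted(users) for src, users in hits.items()}


if __name__ == "__main__":
    print("spray:", detect_password_spray(SAMPLE_LOG))
    print("brute force:", detect_brute_force(SAMPLE_LOG))
    print("logins after spray:", successes_from_spraying_sources(SAMPLE_LOG))
```

Run against the sample, the spray detector flags only 203.0.113.7 (five accounts, one failure each, within seconds), the brute-force detector flags only 198.51.100.9 (five failures against alice), and the third function surfaces the successful login for frank from the spraying source. In a real deployment the thresholds would be tuned to the environment's normal failure rate, and source IP would be complemented by other pivots such as user agent or ASN, since sprayers commonly rotate addresses.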

Researchers are still untangling the path the hackers took into a vital US supply chain. The Wall Street Journal reports:

SolarWinds itself is investigating whether Microsoft’s cloud was the hackers’ first gateway into its network, according to a person familiar with the SolarWinds investigation, who said it is one of many theories being pursued.

The hack has affected an alarming number of powerful federal agencies, including the Department of Defense, the federal judiciary, the Treasury, the Departments of Commerce, Labor and State, the DOJ and the National Nuclear Security Administration (NNSA), which is responsible, among other things, for securing America’s nuclear stockpile.

President Joe Biden has vowed to punish those responsible, recently saying he would impose “significant costs” on them. He has also promised to invest more heavily in securing federal agencies and has said he will make cybersecurity a more central, strategic part of his presidency than his predecessor did.

The US government has provisionally blamed Russia for the hack, issuing a statement earlier this month that said “an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks.”

Some private companies, however, are more cautious about attribution. Benjamin Read, director of threat intelligence at FireEye (which was itself hacked by the same actor), recently said he had “not seen enough evidence” to determine whether the actor was Russian, although he called it “plausible.” Russia has denied responsibility.
