What we know so far about the SolarWinds hacking case

It may be the worst attack.

An elite hacker group broke into SolarWinds, a network management software company headquartered in Texas, and turned the company's most widely used product into a Trojan horse. The operation was a great success: counting only what is known so far, six US government agencies and countless large companies in the United States ended up giving the attackers access.

Until the other day, few people working in IT had heard the name SolarWinds, but in fact hundreds of top companies across the United States were customers. Leading security institutions, including the National Security Agency (NSA), use the company's network management platform, and the U.S. military has deployed it on communication networks that handle confidential information. That software, the Orion Platform, is thought to have been secretly distributing malware to clients since around March this year, monitoring the computers it was installed on and stealing information.

According to SolarWinds, about half of its 33,000 Orion customers were affected, but did anyone notice in the past nine months?

According to the Washington Post, the government agencies found to be affected so far are the State Department, the Commerce Department, the Treasury Department, the Department of Homeland Security, and the National Institutes of Health, which conducts biological research for the government. According to Politico, the Department of Energy and the National Nuclear Security Administration, which are in charge of the maintenance of nuclear weapons, have also been hit (at the Department of Energy, only business networks were affected).

It is not yet known where the damage occurred or how extensive it was.

According to an anonymous government official, the hacking was the work of the Russian Foreign Intelligence Service (SVR), and the intrusion into SolarWinds was the first stage of a "very advanced" supply chain attack. The hack began when malicious code called SUNBURST was planted in the Orion Platform. SolarWinds states that although the Orion source code is clean, the malicious code appears to have been "built in the Orion software build."

The hackers planted SUNBURST in multiple versions of Orion that SolarWinds posted on its website. When corporate and government customers updated their software from the site, the malware slipped into their networks. It then lies low for a few days to a few weeks, waiting for the right moment. Once it becomes active, it first reconnoiters its new environment and sends the details back to the malware's operators. Cleverly, the hackers disguised SUNBURST's communications as Orion traffic, so they were indistinguishable from the activity of ordinary IT staff. This alone shows the attackers' level of skill.

SUNBURST can also download, transfer, and execute files. Once the hackers find a target of interest, they can instruct SUNBURST to bring in more weapons. One of these, TEARDROP, has been observed delivering a customized version of the network intrusion software Cobalt Strike. These functions allow SUNBURST to find ways to escalate privileges within the network by collecting user credentials or monitoring keystrokes.

In response to an attack that appears to be the work of a rival nation, countless companies and high-ranking government officials are scrambling to assess the actual damage. Experts cited by Bloomberg believe that, on top of the attack's complexity, the hackers' thorough efforts to pass as IT staff make investigating the damage extremely difficult.

According to senior government officials, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence have set up a joint task force to handle the government's response. CISA, which has seen officials including former director Chris Krebs forced to resign by the White House, is warning the country that the attack is still very dangerous. It also acknowledged the hackers' patience, operational security, and complex techniques.

Russia has denied any involvement in the cyberattack.

A joint statement by an oversight committee and the National Security Bureau declared that an investigation into the attack on national systems had begun. It is said that high-ranking officials from multiple intelligence agencies were summoned to a White House meeting last Friday. Mark Warner, the vice chairman of the Senate Intelligence Committee, criticized the White House for not taking the situation seriously. He also said that President Trump, rather than acting on the seriousness of the situation, is not even acknowledging it.

At the time of writing, President Trump has not made a statement about the attack.