American security company FireEye said that hackers believed to be acting on behalf of a foreign government breached software company SolarWinds and then published a malware-laced update to the Orion platform in order to infect the networks of many US companies and government networks.
The FireEye report comes after Reuters reported a breach of the US Treasury and the National Communications and Information Administration (NTIA). The attack against software company SolarWinds reveals how hackers gained access to the FireEye network earlier this month.
The Washington Post quoted sources who claimed that several other government agencies were also affected. Reuters reported that the incident was considered so serious that it led to a rare meeting of the US National Security Council at the White House the day before, on Saturday.
Sources speaking with the Washington Post linked the hack to the APT29 group, the codename used by the cybersecurity industry to describe hackers linked to the Russian foreign intelligence service SVR.
In security alerts sent to customers, Microsoft also confirmed the SolarWinds compromise and provided countermeasures to customers who may have been affected. Software company SolarWinds has published a press release admitting that Orion, a centralized monitoring and management software platform, was breached.
The Orion platform is usually used in large networks to track all IT resources, such as servers, workstations, mobile phones, and IoT devices.
The software company said that Orion platform update versions 2019.4 through 2020.2.1, released between March and June 2020, are contaminated with malware.
The hacking campaign does not appear to be targeting the United States specifically, as the campaign is widespread and affects public and private institutions around the world.
Among the victims is a group of governmental, advisory and technical entities in North America, Europe, Asia and the Middle East, and it is expected that there will be additional victims in other countries and sectors.
SolarWinds plans to release a new update on December 15th that addresses the breach and provides many additional security improvements.