Robert O’Brien, the US National Security Adviser, cut short his foreign trip and returned to Washington, a clear indication of the seriousness of the major breach that hit dozens of governmental and non-governmental institutions and interests two days ago.
The recent breach is widely regarded as one of the most damaging operations in recent years, although the extent of the losses, and the importance of the information that may have been viewed, copied or corrupted, is not yet clear.
The US Cybersecurity and Infrastructure Security Agency (CISA) sent an urgent directive to all federal institutions to cut off power to all SolarWinds computers as soon as the breach became known, which underscored the seriousness of the hack.
The Wall Street Journal reported that the hackers had planted a virus on one of the company’s computers, which managed networks for its highly sensitive federal clients.
It is widely believed that hackers affiliated with the Russian government are responsible for infiltrating the computer systems of many American entities, while Russia denies the accusations.
Most press reports about the recent attacks point to the exploitation of a security vulnerability in software provided by SolarWinds, a network-monitoring software company headquartered in Austin, Texas.
The company provides services on a large scale to the federal government, including various ministries, government bodies and research institutes, and provides the same services to thousands of major American companies. Among the most important programs the company provides to these entities is Orion, which monitors and secures their computer networks.
SolarWinds stated that it has about 300,000 customers, but confirmed that fewer than 18,000 of them use the Orion program through which the hack was carried out.
In an interview with US National Public Radio, Glenn Gerstell, who worked as a consultant for the National Security Agency from 2015 to 2020, said that what happened is “as if you wake up one morning and suddenly realize that a thief has entered and exited your home continuously over the past six months.”
Gerstell added that after the incident the US security services “must go back and look in every room to see what was stolen, what was touched or copied, or what was left, and of course, this is just a terrifying idea.” The hackers were careful not to leave traces behind.
According to the information available so far, the list of affected US entities includes the Department of Commerce, the Department of Homeland Security, the Department of Defense (the Pentagon) and the Treasury, as well as the US Postal Service, the National Institutes of Health, the Secret Service charged with protecting the US President, the Federal Reserve, Lockheed Martin, military industries, and the National Security Agency.
The latest breach is one more entry in a long list of suspected Russian cyber attacks; US intelligence accuses Russia of using hackers and other means to influence the 2016 presidential election. It is worth noting that US national security agencies succeeded in preventing Russia from interfering in this year’s election.
How big is the hack?
Microsoft is currently working to determine the size and nature of the breach, which will help reveal the scope of the losses at the affected companies and agencies; many of the companies hit by the attack perform the same tasks.
Various government agencies are also investigating the cyber breach, and none of them has yet disclosed the details of its investigation.
What is the risk of the hacking process?
Gerstell says the biggest challenge ahead stems from the fact that “it is not clear what the hackers did after accessing US systems and networks.”
“This is not a matter of someone tampering with software to open dams or shut down electrical networks,” he says. “It is not even clear what the attack was about, and whether it aimed to steal intellectual property and scientific secrets in the same way that China, for example, stole everything from solar panel patents to methods of manufacturing combat aircraft.”
He said a break-in could simply be a case of espionage by a government trying to understand what its adversary is doing.
What is the position of the parties whose networks have been penetrated?
“We have been informed that this incident was most likely the result of a highly sophisticated and targeted attack by an outside country,” SolarWinds said, “but we have not independently verified the identity of the attacker.”
The company added in a statement that it is cooperating with the FBI, the US intelligence community and other agencies to investigate the breach: “We have been alerted that the attacker is targeting our emails and other files that we use, all of which fall within the Microsoft Office 365 packages.”
The company confirmed that it is working with Microsoft to determine whether any customer data has been extracted, but added that so far it has found no signs of stolen data.
The cybersecurity company stated that a highly sophisticated state-sponsored adversary stole its Red Team tools, which its security-testing team uses to probe for vulnerabilities in clients’ computer networks; its client list includes many government agencies.
The company said that it is working with the FBI and Microsoft, and that its analysis indicates the breach was not a self-propagating attack but a deliberately executed operation that required careful planning and extensive hands-on human interaction.
The company indicated that its experts believe “what has happened is large-scale state-backed activity, targeting both the government and the private sector,” and Microsoft said it is sharing some details about the threats it has observed over the past weeks.
Microsoft added that the SolarWinds software update gave the hackers a foothold in their targets’ computer networks, which the attacker could use to obtain further and more valuable data.
Microsoft indicated that its security software, known as Defender, can now detect the files used in the hack.
The company praised other companies for being open and transparent in disclosing hacking attacks, saying it would help others strengthen their security. As for Microsoft itself, the company said it had not yet “found evidence of a successful attack on its own systems.”