"Hot News"

SolarWinds' hack may be much worse than originally feared


 SolarWinds' hack may be much worse than originally feared

The New York Times reports that the Russia-linked SolarWinds hack, which has targeted US government agencies and private companies, may be worse than originally feared, as about 250 federal agencies and companies are now believed to be affected.

Microsoft said: Hackers breached SolarWinds' Orion monitoring and management program, allowing them to impersonate any of the organization's existing users and accounts, including those with high privileges.

The New York Times said: Russia exploited layers of the supply chain to gain access to agency systems.

The report stated that there are several defense failures, as the early warning systems that the US Electronic Command and the US Agency for National Security planted within foreign networks to detect potential attacks failed in this case.

In addition, it appears likely that the US government's interest in protecting the November elections from foreign hackers may have taken the resources and focus away from the software supply chain.

Carrying out the attack from within the United States also appears to have allowed the hackers to evade detection from the Department of Homeland Security and take advantage of legal restrictions against domestic espionage.

Microsoft said earlier this week that it had discovered that its systems had been compromised beyond the mere presence of malicious code from SolarWinds.

According to the software giant, hackers were able to see the source code located in a number of code repositories, but the hacked account granting access did not have permission to modify any code or systems.

Microsoft said: It found no evidence of access to production services or customer data, and there were no indications that its systems had been used to attack others.

And the breach site itself may have played a role as well, as investigators try to determine that the breach was the result of a breach in SolarWinds' offices in Eastern European countries, such as: Belarus, the Czech Republic and Poland.

Engineers there would have broad access to the hacked Orion network program, and Russia will be more familiar with the region.

The report claims that SolarWinds has been slow to address security, ignoring calls from Counselor (Ian Trump) Ian Trump for more proactive internal safeguards.

Senator (Mark Warner) Mark Warner, a senior member of the Senate Intelligence Committee, told The Times: The breakthrough sounded much worse than he initially feared.

He added: The size of the SolarWinds penetration associated with Russia is expanding, and it is clear that the United States government has misidentified the size of the penetration from the start.

The full extent of the damage appears uncertain at this time, and it may take months or more before it becomes clear how the breach happened, and most importantly, how much damage was done.