The suspected Russia-backed hackers have compromised at least 250 federal agencies and top enterprises in the US by infiltrating the ‘SolarWinds Orion’ monitoring and management software.
According to a report in The New York Times, as businesses such as Amazon and Microsoft that provide cloud services dig deeper for evidence, “it now appears Russia exploited multiple layers of the supply chain to gain access to as many as 250 networks”.
US Senator Mark Warner (D-Virginia) was quoted in the report on Saturday as saying that the hack looked “much, much worse” than he first feared.
“The size of it keeps expanding. It’s clear the United States government missed it,” Warner said.
According to Microsoft, the hackers compromised the ‘SolarWinds’ software, allowing them to “impersonate any of the organisation’s existing users and accounts, including highly privileged accounts.”
Microsoft said last week it had discovered its systems were infiltrated “beyond just the presence of malicious ‘SolarWinds’ code.”
The hackers were able to “view source code in a number of source code repositories”, the tech giant added.
“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” said the company in the update late Thursday.
The account did not have permissions to modify any code or engineering systems and “our investigation further confirmed no changes were made. These accounts were investigated and remediated”, Microsoft added.
The initial estimates were that Russian hackers compromised 18,000 government and private networks.
According to the report, some of the compromised ‘SolarWinds’ software was engineered in Eastern Europe, and “American investigators are now examining whether the incursion originated there where Russian intelligence operatives are deeply rooted”.
The Cybersecurity and Infrastructure Security Agency (CISA) has also warned that US federal agencies must update the hacked ‘SolarWinds Orion’ software or take all its apps offline.
The CISA said all US government agencies that still run ‘SolarWinds Orion’ platforms must update to the latest 2020.2.1HF2 version.
“Agencies that can’t update till that deadline have to take all Orion systems offline,” the guidance read.
At least 24 big companies, including tech giants like Intel, Cisco, VMware and Nvidia, have reportedly suffered the ‘SolarWinds’ hack.
The suspected Russian hackers installed malware in the Orion software sold by the IT management company ‘SolarWinds’, and accessed sensitive data belonging to several US government agencies and businesses.
–IANS