Some 18,000 companies and government institutions were victims of an elaborate hacker attack distributed through SolarWinds software, and according to Brad Smith, president of Microsoft, one of the affected companies, this was the largest and most sophisticated criminal action of its kind to date.
“When we analyzed everything that we identified, we asked ourselves how many engineers probably worked on these invasions. The answer we got was, well, certainly more than a thousand,” said the executive on 60 Minutes.
“Complex construction” is one of the characteristics attributed to the attack, discovered in December 2020, in an official bulletin from the United States Cybersecurity and National Infrastructure Agency, and US intelligence services suggested that Russia was behind the initiative.
The main objective of the maneuver, the entities point out, is to collect information, not to undertake destructive acts. The country under Vladimir Putin, for its part, denies involvement.
Clues and advice
Among other data, hackers gained access to e-mails from various US departments, such as the Treasury, Justice and Commerce departments, as well as content from those who used Orion, a network management program deployed across a wide network of organizations around the globe.
According to SolarWinds, an update to its tool had been tampered with to include the Sunburst malware, resulting in a security breach that, as experts point out, could require months of system analysis to detect compromised sites and expel the criminals.
In its February issue, the Monthly Threat Report by NTT DATA Corporation, a Japanese multinational systems integration company and subsidiary of Nippon Telegraph and Telephone, indicates that “an Advanced Persistent Threat (APT) linked to governments was probably responsible for the attack by trojan.”
“UNC2452, also known as Dark Halo, APT29 (Cozy Bear) and Turla were cited as probable sources of the attack on SolarWinds,” the report states. Both Cozy Bear and Turla apparently have Russian ties, it adds, the former being linked to the Russian Foreign Intelligence Service and the latter associated with the FSB, the local intelligence service.
“Analysts should remain vigilant in their research, identify and verify or refute the connections between Sunburst, Kazuar and the Turla group as more details of the event are investigated,” advises NTT.