Massive hack hits US government and many other organizations

SolarWinds software, which is used by various American organizations, has been hit by an extensive hack. Russia seems to have played an important part in the hack.

The New York Times writes that it may well be the biggest hack in the last five years. SolarWinds is in use by parties such as the White House and the NSA for their IT infrastructures.

Backdoor

Hackers have added malicious code to SolarWinds’ trusted code. The malicious code opened a backdoor in the SolarWinds software, giving the hackers full access to the computers on which the infected software is installed.

As a result, hackers were able to access all kinds of sensitive information for months. The malicious code is said to have infected the SolarWinds software back in March.

Victims

Security journalist Kim Zetter has shared a list of parties that use the SolarWinds software on Twitter. These parties include:

  • More than 425 of the US Fortune 500;
  • All ten of the top ten US telecommunications companies;
  • All five branches of the US Military;
  • The US Pentagon, State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States;
  • All five of the top five US accounting firms;
  • Hundreds of universities and colleges worldwide.

FireEye

The hack came to light after security company FireEye turned out to have been hacked last week. Further investigation now shows that the attackers used Orion, a widely used SolarWinds application for monitoring IT systems.

Patch

It is not known what the hackers' ultimate objectives were or what data they captured. SolarWinds has now released a software update to patch the leak. The leak should be closed in version 2020.2.1 HF 1. On Tuesday, a patch with extra security measures will be released. This patch will be version 2020.2.1 HF 2.