DHS says SolarWinds hack was far more widespread than first thought

Get a free Techzine subscription!

Agency confirms that 30% of the hack victims did not even use SolarWinds software.

Investigators have revealed the recent cyber attack that penetrated government agencies and blue-chip businesses may be far greater than first realized.

Cybersecurity firm Malwarebytes first reported last week they were victims of the same attacker that compromised SolarWinds’ Orion software. They also noted that the attack did not use SolarWinds itself.

Attacks came through other vectors

According to Malwarebytes, the attacker had used “another intrusion vector” to gain access to a limited subset of company emails.

“While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor. We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. “

After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.”

Related: Our complete Solarwinds dossier

US Cybersecurity agency confirms larger scope of the attack

Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency, told the Wall Street Journal 30 percent of breached federal agencies and private firms had no direct connection to SolarWinds. 

“This adversary has been creative. It is absolutely correct that this campaign should not be thought of as the SolarWinds campaign,” he said. 

Instead, Wales said hackers exploited known bugs in software products. They guessed passwords and took advantage of issues in the configuration of Microsoft’s cloud software.    

Wales said there is evidence hackers used Microsoft’s cloud software as a way into some systems. This has sparked fears that millions of individuals, businesses and government agencies may have been vulnerable to the attack.

“State actor” blamed for the attacks

In December 2020, several US agencies including the FBI and the Pentagon suffered a security breach when hackers penetrated SolarWinds.

US intelligence officials have since said the attackers appeared to be “state actors”. They have further determined that the hackers were “likely” from Russia’s SVR foreign intelligence service.

Wales said the probe continues to show the hack was to enable spies to carry out ‘long-term intelligence collection’.

Tip: Our complete Solarwinds dossier