SolarWinds compromised: How hackers attacked software used by US government departments

Updated: Dec 18, 2020, 05:24 PM IST

Hackers managed to compromise and install malware on a piece of security software -- the Orion security tool developed by SolarWinds

SolarWinds

Thousands of companies and institutions across the globe have to check if they have been hacked via security software from Texan firm SolarWinds at the heart of a cyberattack on several US government agencies.

(Photograph:AFP)


Hackers managed to compromise and install malware on a piece of security software -- the Orion security tool developed by SolarWinds, which is used for management and supervision of IT networks at many large companies and several US government agencies.

Rather than attack clients directly -- clients who include top accounting firms but also the full gamut of military branches -- the hackers aimed to compromise the software's automatic update function.


Beyond the content of the data hacked, the break-in further allowed the intruders to gain an idea of their victims' systemic structural vulnerabilities.

The attack was discovered by cybersecurity company FireEye, which, along with SolarWinds, has pointed the finger at people linked to the Russian government.


The United States Department of the Treasury imposed the fresh sanctions



The malware was laced into the software updates that breached network security and allowed access to data including mail, with FireEye saying the breaches began around last March. 

According to SolarWinds, 18,000 users of Orion have potentially suffered a security breach, including government agencies and Fortune 500 companies. 


According to FireEye, what it termed a state-sponsored attack targeted governments as well as leading global enterprises, notably in the technology and energy sectors in North America, Europe, Asia and the Middle East.

According to Jacques de la Riviere, who runs French cybersecurity firm Gatewatcher, it is still too early to know which other firms or institutions have been infiltrated.


FireEye and Microsoft believe the attack was by a nation state, and expert analysis has pointed the finger at Russia, as have anonymous US security sources. Washington has yet to give the accusation its official seal.

These US sources have focused on an organisation known as advanced persistent threat (APT) 29, or Cozy Bear, which is believed to be linked to one or more Russian intelligence agencies and previously hacked the White House under President Barack Obama.


SolarWinds Orion

Jacques de la Riviere says he has responded by ramping up protection on his own servers.

Beyond that he hopes the high-profile attack will encourage firms and institutions to be more demanding when it comes to stewardship of their data and software security.

"This could be a turning point, where many clients are going to start saying 'I no longer want to purchase software that has not been certified by a third party'," he said.
