SolarWinds and FireEye Breached: What You Should Know…

by Carl Keyser

December 17, 2020

It’s been a heck of a month for cybercriminals. Two major cybersecurity firms had their lunch eaten by hackers.

Who Was Hacked?

FireEye and SolarWinds were hacked. Up to 18,000 SolarWinds customers were affected by the attack and FireEye had proprietary cybersecurity tools stolen.

Amongst those 18,000 customers were both the United States Federal Government and FireEye… wait a minute… are these two attacks connected? You better believe it!

What Happened?

FireEye

Earlier this month, FireEye was hacked. The cybersecurity firm said the attack was sophisticated, so much so that they believed it to be the work of a foreign nation.

After breaching FireEye, attackers stole a collection of tools the company’s Red Team uses to mimic real cyberattacks against customers’ environments so those customers can better protect themselves. Some of the tools had already been shared with the public, while others were proprietary to the FireEye Red Team program and not publicly available.

As FireEye researched the breach, they came to realize it was connected to a compromised piece of software they had downloaded and installed from a business partner, SolarWinds.

“We looked through 50,000 lines of source code, which we were able to determine there was a backdoor within SolarWinds,” said Charles Carmakal, senior vice president and chief technical officer at Mandiant, FireEye’s incident response arm, in a recent interview with Bloomberg. (Read Here)

SolarWinds

Back in March, hackers compromised two software updates to Orion, a SolarWinds product that’s billed as scalable, one-stop-shop IT monitoring software.

The versions, 2019.4 HF 5 through 2020.2.1, were deployed between March and June of this year.

Hackers used a very sophisticated manual supply chain attack to monitor the communications of the SolarWinds customers who had the versions installed. According to a recent court filing from SolarWinds (read here), the company estimates 18,000 of their customers had the compromised software installed.

Who is Behind the Hack?

Unsure, but currently we believe the attack was pulled off by a team known for working with the Russian Foreign Intelligence Service (SVR). That’s a preliminary finding. I don’t think the general public will ever get absolute confirmation that Russia was behind the attack, outside of what’s already been said publicly.

What Were the Hackers Doing/Looking At?

So far it looks like they were monitoring internal communications. Emails. What’s important is those emails belonged to people in the Department of the Treasury, Department of Homeland Security, and the Pentagon.

Since the hackers are the ones who compromised the software to begin with, I assume they’ve had access to these emails for a long, long time.

What Happens Next?

The Cybersecurity & Infrastructure Security Agency (CISA; if you’re unfamiliar with them, check out this article) has already told impacted government bodies via a release (Read Here) to disconnect the Orion products from their networks.

The breach was so significant for the federal government that the National Security Council held an emergency meeting to try and wrap their heads around how damaging it was.

As for what should happen next, that’s still up in the air. If you’re a SolarWinds customer and you’re using the compromised software it might be a good idea to stop what you’re doing and patch, patch, patch. SolarWinds released a fix for the issue yesterday. You can find out more about what you have to do here: https://www.solarwinds.com/securityadvisory


Carl Keyser is the Content Manager at Integris.
