January 22, 2021
For those of you who have been following our social media feed as well as recent news, you probably already know about the massive cyberattack against the U.S. that was announced earlier in December. Russian government hackers breached the Treasury and Commerce departments, along with other U.S. government agencies, as part of a global espionage campaign that stretches back months. Moments like these underscore the seriousness of cybersecurity, and why it is more important than ever for U.S. companies to adopt the requirements put forth by the DoD if they wish to secure a defense contract. Here is a brief rundown of what exactly happened.
The Russian hackers, known by the nicknames APT29 or Cozy Bear, are part of Russia’s foreign intelligence service, the SVR. They breached government email systems in a stunningly large and sophisticated operation, marking the biggest cyber-raid against U.S. officials in years. The Treasury and Commerce departments were both affected, and others have been breached as well. According to FireEye, a cybersecurity firm that was itself also breached, the victims include government, consulting, technology, telecom, and oil and gas companies in North America, Europe, Asia and the Middle East. It is worth noting that this is the same Russian group that hacked the Democratic National Committee servers in 2015, immediately followed by an attack by the Russian military spy agency GRU, which then leaked the DNC emails to WikiLeaks in 2016.
How did it happen?
The hackers gained entry into networks when more than 18,000 private and government users downloaded a tainted software update. The malicious code was distributed through the legitimate update server of Orion, a network management platform made by the firm SolarWinds, so the compromised update carried the same trust as any routine vendor patch. Once inside, the attackers were able to monitor internal emails of some of the top agencies in the United States.
Who else is affected?
SolarWinds products are used by organizations across the world. Its customers include all five branches of the U.S. military, the Pentagon, the State Department, the Justice Department, NASA, the Executive Office of the President and the National Security Agency. They also include the top 10 U.S. telecommunications companies.
What’s being done about it?
The U.S. government called on all federal civilian agencies to power down SolarWinds Orion products immediately. An emergency directive by the Cybersecurity and Infrastructure Security Agency (CISA) was issued “in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors,” according to the notice. “This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.”
APT29 hacks for traditional espionage purposes, stealing secrets that help the Kremlin understand the plans and motives of politicians and policymakers. Group members have stolen industrial secrets, hacked foreign ministries and, more recently, attempted to steal coronavirus vaccine research. On Dec. 30, 2020, CISA put out another bulletin ordering all U.S. federal agencies to update the SolarWinds Orion platform to the latest version by the end of business hours on Dec. 31, 2020.
Incidents like these can have a lasting impact for years to come. Our goal at Rimstorm is to help your organization take steps to prevent breaches like these and ensure you are meeting all requirements issued by government entities. To achieve compliance with DoD cybersecurity regulations, contact us today for an assessment and consultation.