Communications in the U.S. finance and trade departments were reportedly compromised by a supply chain attack on SolarWinds, a security provider that helps the federal government and a number of Fortune 500 companies monitor the health of their IT networks.
According to Reuters, which broke the news on Sunday, hackers believed to work for Russia have been monitoring internal email traffic at the US Treasury. Reuters reported that the hackers managed to hide malicious code in a software update for a tool called Orion, which is typically used to simplify IT management by providing a single panel for managing different parts of a network.
Earlier this year, hackers believed to be sponsored by the Russian government managed to inject malware into Orion updates released between March 2020 and June 2020, giving them a strong foothold for future hacking.
SolarWinds, listed in Austin, is a Texas-based company valued at over $6 billion. According to the company, it has over 300,000 customers, including more than 425 of the US Fortune 500, all ten of the largest US telecommunications companies, all five branches of the US military, all five of the largest US accounting firms, the Pentagon, the Department of State, the National Security Agency, the Department of Justice and the White House.
The Pentagon is the largest customer, with the Army and Navy being major users. The Veterans Affairs Department, which has been heavily involved in the U.S. response to Covid-19, is another Orion customer and the largest funder for the tool in recent years. The National Institutes of Health, DHS, and FBI are also among the many branches of the U.S. government that previously purchased the tool.
The immediate impact of the revelations is expected to be purely operational, as the Cybersecurity and Infrastructure Security Agency (CISA) has recommended that civil government agencies stop using SolarWinds Orion. “The compromise of SolarWinds’ Orion Network Management products poses unacceptable risks to federal network security. Today’s policy aims to mitigate potential trade-offs within federal civil networks, and we urge all of our partners, both public and private, to assess their exposure to this trade-off and secure their networks against any exploitation,” said Brandon Wales, acting director of CISA.
This is the fifth emergency policy issued by CISA under the authorities granted by Congress under the Cybersecurity Act of 2015.