The SolarWinds Hack March to June

Posted on January 22, 2021

https://www.crn.com/the-solarwinds-hack

The manual supply chain attack against SolarWinds’ Orion network monitoring platform has sent shockwaves throughout the world, with suspected Russian government hackers gaining access to U.S. government agencies, critical infrastructure entities and private sector organizations.

The injection of malicious code into Orion between March and June 2020 allowed hackers believed to be with the Russian intelligence service, or APT29, to compromise Microsoft and FireEye, as well as the U.S. Departments of Defense, State, Treasury, Homeland Security and Commerce, according to reports from Reuters and others.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered all federal civilian agencies Sunday to power down SolarWinds Orion products until all hacker-controlled accounts and identified persistence mechanisms have been removed. CISA said it has evidence of additional initial access vectors beyond SolarWinds Orion, but noted those other intrusion methods are still being investigated.

SolarWinds Hackers Access Malwarebytes’ Office 365 Emails
‘Attackers leveraged a dormant email production product within our Office 365 tenant that allowed access to a limited subset of internal company emails,’ Malwarebytes CEO Marcin Kleczynski wrote in a blog post.

SolarWinds Hack Could Cost Cyber Insurance Firms $90 Million
‘Although the SolarWinds attack is a cyber catastrophe from a national security perspective, insurers may have narrowly avoided a catastrophic financial incident to their businesses,’ says BitSight’s Samit Shah.

5 Things To Know About The Mimecast Hack And Stock Drop
From the type of certificate likely compromised to the impact of this hack on Mimecast’s email security rivals to whether the attack is tied to the SolarWinds breach, here are five big things to know about the Mimecast hack.

Hackers Compromise Mimecast Certificate For Microsoft Authentication
The certificate used to authenticate Mimecast’s Sync and Recover, Continuity Monitor and Internal Email Protect (IEP) products to Microsoft 365 has been compromised by a sophisticated threat actor.

Hackers Taunt FireEye’s Kevin Mandia At Home With Postcard: Report
The FBI is investigating a mysterious postcard sent to CEO Kevin Mandia’s home days after FireEye found initial evidence of a hacking operation on federal agencies and private businesses, Reuters reports.

SolarWinds CEO: Attack Was ‘One Of The Most Complex And Sophisticated’ In History
Hackers first accessed SolarWinds in September 2019 and went out of their way to avoid being detected by the company’s software development and build teams, SolarWinds CEO Sudhakar Ramakrishna says.

SolarWinds’ New CEO Will Make These 5 Changes Post-Hack
From resetting privileged credentials and re-signing all digital certificates to manually checking source code and rolling out threat hunting software, here are five critical security improvements new SolarWinds CEO Sudhakar Ramakrishna plans to make.

SolarWinds Fights Back With Chris Krebs, Alex Stamos Hires
‘Armed with what we have learned of this attack, we are also reflecting on our own security practices and seeking opportunities to enhance our posture and policies. We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review,’ SolarWinds tells CRN.

SolarWinds Hackers Compromise Confidential Court Filings
The Russian hackers behind the SolarWinds attack have apparently compromised the federal courts’ electronic case filing system, putting ‘highly sensitive non-public documents’ at great risk.

SolarWinds To Pay Ex-CEO $312K To Assist With Investigations
SolarWinds has agreed to pay former CEO Kevin Thompson $62,500 for each of the next five months as the embattled company faces a likely wave of lawsuits and government probes into its conduct around the hack.

SolarWinds Hackers Got Into U.S. Justice Department’s Emails
‘At this point, the number of potentially accessed Office 365 mailboxes appears limited to around 3 percent, and we have no indication that any classified systems were impacted,’ the Justice Department announces.

Feds: SolarWinds Breach Is Likely Russian Intel Gathering Effort
Nearly ten U.S. government agencies experienced follow-on activity on their systems after being compromised through a malicious SolarWinds Orion update, the Cyber Unified Coordination Group says.

SolarWinds Hit With Class-Action Lawsuit Alleging Securities Violations
The first class-action lawsuit brought against SolarWinds following its colossal breach accuses the company of making materially false and misleading statements about its security posture throughout 2020.

SolarWinds Hackers Gain Access To Microsoft’s Source Code
One Microsoft account compromised by suspected Russian hackers had been used to view source code in a number of source code repositories, but none of the code itself was altered, Microsoft disclosed Thursday.

Here Are 24 Reported Victims Of The SolarWinds Hack (So Far)
From tech giants, internet service providers and IT solution providers to federal agencies and county governments, here’s a deeper look at 24 of the publicly identified victims of the colossal SolarWinds hack.

CrowdStrike Fends Off Attack Attempted By SolarWinds Hackers
The suspected Russian hackers behind the massive SolarWinds attack attempted to hack CrowdStrike through a Microsoft reseller’s Azure account but were ultimately unsuccessful, CrowdStrike says.

Five Solution Providers Breached By SolarWinds Hackers: Researchers
The SolarWinds hackers called for proceeding with the second stage of their attack on Stratus Networks, Digital Sense, ITPS and Netdecisions, and had an unknown response to compromising Deloitte, Truesec says. Digital Sense said it wasn’t impacted by the campaign since the company doesn’t use SolarWinds.

Top Treasury Email Accounts Exposed In SolarWinds Hack: Report
The hackers performed a complex step inside Microsoft Office 365 to create an encrypted “token” that tricked the Treasury’s system into thinking the hackers were legitimate users, The New York Times said.

Microsoft: A 2nd Group May Have Also Breached SolarWinds
A ‘different threat actor’ may be responsible for the malware known as Supernova that has been found installed in SolarWinds Orion.

Kevin Mandia: 50 Firms ‘Genuinely Impacted’ By SolarWinds Attack
FireEye CEO Kevin Mandia acknowledges the SolarWinds hack ‘is an attack very consistent with’ what the Russian foreign intelligence service is known for, but didn’t want to officially blame the campaign on them.

Intel, Nvidia Swept Up In SolarWinds Attack: WSJ
The chipmakers say they are investigating the impact of downloading a software update containing malicious code for SolarWinds Orion — the trigger that has left many SolarWinds customers vulnerable — though there is no evidence of any negative impact.

Unclassified Treasury Systems Hit By SolarWinds Hack: Mnuchin
‘At this point, we do not see any break-in into our classified systems. Our unclassified systems did have some access,’ Secretary of the Treasury Steve Mnuchin tells CNBC Monday morning.

Trump Downplays SolarWinds Hack, Pompeo Blames Russia
‘Russia, Russia, Russia is the priority chant when anything happens because Lamestream [Media] is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!),’ Trump tweeted.

Cisco Hacked Through SolarWinds As Tech Casualties Mount
Roughly two dozen computers in a Cisco lab were compromised through malicious SolarWinds Orion updates, Bloomberg reported. Cisco says there isn’t currently any known impact to its offers or products.

Datto Offers All MSPs Free Scanner To Find Signs Of FireEye, SolarWinds Hack
‘Now is a time to remain vigilant and take an active role in hardening systems against these, now known, tactics,’ Datto CISO Ryan Weeks writes in a blog post announcing the scanner.

VMware Flaw Used To Hit Choice Targets In SolarWinds Hack: Report
A VMware vulnerability that allowed federated authentication abuse was used by the SolarWinds hackers to attack valuable targets, KrebsOnSecurity said. VMware said it didn’t have any indication of this happening.

SolarWinds Should Have Been More ‘Vigilant’: Palo Alto Networks CEO
‘I am not going to give them a free pass,’ says Palo Alto Networks CEO Nikesh Arora. ‘They should have been more vigilant and diligent, but I think this is a very sophisticated, very complex attack. The fact they (the Russians) got in there not only did they do sophisticated things, they also got lucky that this is a piece of software which then went unnoticed for six to nine months, and now it’s embedded in the infrastructure of thousands of customers.’

SolarWinds Hack Compromised 40-plus Microsoft Customers
A decisive plurality – 44 percent – of the Microsoft customers compromised through SolarWinds are actually in the IT sector, and include software and security firms as well as IT services and equipment providers.

Microsoft Breached Via SolarWinds As Scope Of Destruction Widens: Report
Suspected Russian hackers capitalized on Microsoft’s wide use of SolarWinds to infiltrate the software giant, and then used Microsoft’s own products to further their attacks on other victims, Reuters said. Microsoft pushed back on the report.

SolarWinds Deploys CrowdStrike To Secure Systems After Hack
SolarWinds says its breached Orion network monitoring platform now meets the security requirements of U.S. federal and state agencies following the release of a final hotfix Tuesday night.

Feds: SolarWinds Attack ‘Poses a Grave Risk’ To Government, Business
The U.S. government says it has evidence of additional initial access vectors beyond the SolarWinds Orion supply chain compromise, but noted that those other attack methods are still being investigated.

SolarWinds MSP To Revoke Digital Certificates For Tools, Issue New Ones As Breach Fallout Continues
‘I think they’re afraid. They’ve got liability, and they don’t know what to say, so everybody’s told to keep their mouth shut. Instead of being focused on the issue at hand, they’re worried about lawsuits,’ SolarWinds MSP partner Rich Delany tells CRN.

SolarWinds Hack ‘One Of The Worst In The Last Decade’: Analyst
‘There are a lot of white knuckles around this attack … Even though much of it is unknown, right now people are fearing the worst,’ Daniel Ives of Wedbush Securities tells CRN.

Malware Used In SolarWinds Attack Can Now Be Blocked: FireEye
‘Under certain conditions, the malware would terminate itself and prevent further execution… This killswitch will affect new and previous… infections by disabling… deployments that are still beaconing to avsvmcloud[.]com,’ FireEye tells CRN.

Microsoft’s Role In SolarWinds Breach Comes Under Scrutiny
Microsoft has become ensnared in probes surrounding the colossal U.S. government hack, with media reports and company messages focusing on Office 365, Azure Active Directory and a key domain name.

$286M Of SolarWinds Stock Sold Before CEO, Hack Disclosures
Silver Lake and Thoma Bravo said they weren’t aware of the cyberattack at the time of the sale, but didn’t respond to questions about whether they knew Sudhakar Ramakrishna had been selected as SolarWinds’ next CEO.

10 Things To Know About The SolarWinds Breach And Its U.S. Government Impact
From how nation-state hackers evaded detection to why federal agencies were ordered to immediately power down Orion to its impact on the SolarWinds MSP business, here are the most important things to know about the SolarWinds breach.

Homeland Security Latest Breach Victim Of Russian Hackers: Report
A spokesman said the Department of Homeland Security is aware of reports of a breach and is currently investigating the matter. The U.S. Treasury and Commerce Departments were also reportedly hacked.

US Calls On Federal Agencies To Power Down SolarWinds Orion Due To Security Breach
An emergency directive issued by the U.S. government calls on all federal civilian agencies to disconnect or power down SolarWinds Orion IT management tools because they are being used to facilitate an active exploit.

Infected SolarWinds Updates Used To Compromise Multiple Organizations: FireEye
Nation-state hackers gained access to government, consulting, technology and telecom firms around the world through trojanized updates to SolarWinds’ Orion network monitoring tool, according to FireEye.

8 Big Things To Know About The State-Sponsored FireEye Hack
From who’s suspected to be behind the FireEye hack and how they remained hidden, to what FireEye and intelligence officials are doing to minimize the fallout from the attack, here’s a look at what partners need to know.

FireEye Hacked By Nation-State Group Seeking Government Info
‘This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye,’ says CEO Kevin Mandia.

Posted in: Uncategorized