Hackers attacked federal agencies’ servers, including both the Treasury and Commerce departments. Experts believe that the SolarWinds management interface with active “God-Mode” was used. And that it was stolen via a hack from FireEye, the cybersecurity firm.
These attacks came days after a December 7 National Security Agency advisory of Russian state-sponsored cyber actors attempting to target sensitive data.
The NSA advisory warned the “entire National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) system administrators to apply vendor-provided patches to affected VMware® identity management products and provide further details on how to detect and mitigate compromised networks.”
The same advisory stated, “The exploitation of this vulnerability first requires that a malicious actor have access to the management interface of the device.”
FireEye Attacked for access to God-Mode
Last Tuesday, FireEye revealed that hackers with “world-class capabilities” broke into its network and stole the offensive tools it uses to examine the network defenses of its thousands of customers. The Federal Government hacks were revealed just days after FireEye’s disclosure.