Hackers attacked federal agencies’ servers, including those of both the Treasury and Commerce departments. Experts believe that the SolarWinds management interface, with active “God-Mode,” was used, and that it was stolen via a hack from FireEye, the cybersecurity firm.
These attacks came days after a December 7 National Security Agency advisory about Russian state-sponsored cyber actors attempting to target sensitive data.
The NSA advisory warned the “entire National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) system administrators to apply vendor-provided patches to affected VMware® identity management products and provide further details on how to detect and mitigate compromised networks.”
The same advisory stated, “The exploitation of this vulnerability first requires that a malicious actor have access to the management interface of the device.”
FireEye Attacked for access to God-Mode
Last Tuesday, FireEye revealed that hackers with “world-class capabilities” broke into its network and stole the offensive tools it uses to examine the network defenses of its thousands of customers. The Federal Government hacks were revealed just days after FireEye’s disclosure.
FireEye was the cybersecurity company tasked with the response to the Sony and Equifax data breaches, and it helped Saudi Arabia’s government fight off a cyberattack in its oil industry.
The experts believe that SolarWinds might have been the hackers’ target. And on Sunday, the Washington Post reported that the two federal agencies and FireEye were all breached through the SolarWinds network management system.
Dmitri Alperovitch, the former chief technical officer of CrowdStrike and a cybersecurity expert, claims that all SolarWinds end-users will now be scrambling to patch up their networks. The patch is available through the NSA advisory.
This is a critical cyberattack because SolarWinds would give a hacker “God-mode” access to an entire network, so nothing is encrypted and everything is visible, explained Alperovitch.
The server software was developed by Austin, Texas-based SolarWinds, and operates as the management interface of any device where it is used. Unfortunately, it is widely used by multiple U.S. government agencies and hundreds of thousands of global organizations.
“This can turn into one of the most impactful espionage campaigns on record,” Alperovitch said.