mentioned The New York Times reports that the Russia-linked SolarWinds hack, which has targeted US government agencies and private companies, may be worse than originally feared, as about 250 federal agencies and companies are now believed to be affected.
Microsoft said: The hackers have breached Orion Program For SolarWinds’ monitoring and administration, allowing them to impersonate any existing enterprise users and accounts, including those with high privileges.
The New York Times said: Russia exploited layers of the supply chain to gain access to agency systems.
The report stated that there are several failures in defense, as the Early warning implanted by the US Cyber Command and the US National Security Agency within foreign networks to detect potential attacks failed in this case.
In addition, it appears likely that the US government’s interest in protecting the November elections from foreign hackers may have taken the resources and focus away from the software supply chain.
Carrying out the attack from within the United States also appears to have allowed the hackers to evade detection from the Department of Homeland Security and take advantage of legal restrictions against domestic espionage.
And theShe said Microsoft earlier this week: it discovered that its systems had been compromised beyond the mere presence of malicious code from SolarWinds.
According to the software giant, hackers were able to see the source code located in a number of code repositories, but the hacked account granting access did not have permission to modify any code or systems.
Microsoft said: It found no evidence of access to production services or customer data, and there were no indications that its systems had been used to attack others.
The breach site itself may have played a role as well, as investigators try to determine that the breach was the result of a breach in SolarWinds’ offices in Eastern European countries, such as: Belarus, the Czech Republic and Poland.
Engineers there would have broad access to the hacked Orion network program, and Russia would be more familiar with the region.
The report claims that SolarWinds has been slow to address security, ignoring calls from advisor (Ian Trump). Ian Trump To find the most proactive internal guarantees.
Senator (Mark Warner) Mark Warner, a senior member of the Senate Intelligence Committee, told The Times: The breakthrough looked much worse than he initially feared.
He added: The size of SolarWinds penetration associated with Russia is taking In the expansion, it is evident that the US government has misidentified the scale of the breach from the start.
The full extent of the damage appears uncertain at this time, and it may take months or more before it becomes clear how the breach happened, and most importantly, how much damage was done.