What is the SolarWinds Hack? Know all the details of the cyber attack on the USA here
Why in News?
A large chunk of US government emails has been targeted in a hack thought to have been carried out by Russia, as reported by the American media.
- This has been the biggest ever targeted cyber attack in the United States of America.
- The US Government, its agencies, and many private companies have been affected by it.
- The treasury and commerce departments of the United States were both affected, and others may have been breached.
- The hackers were able to monitor internal emails at some of the top agencies in the US.
- The first attack was discovered by FireEye, a cybersecurity company aiding the US Government.
In a Gist:
- How did the hackers gain access? Through Trojanised updates.
- What software update was exploited? Sunburst malware was slipped into Orion.
- How did it go undetected? The malware thwarted tools, such as anti-virus software, that were used to detect it.
- Who is investigating? The Cyber Unified Coordination Group.
What has happened?
- The attack has been labelled a state-sponsored attack and is said to have been carried out by a nation with top offensive capabilities. According to FireEye, the attacker wanted to use the government customer data.
- The attack was named Campaign UNC2452.
- The hack began in March, when malicious code was slipped into updates for the software Orion, made by the company SolarWinds. This company monitors the hardware and software networks of businesses and governments for outages.
- This gave the hackers a chance to access an organization’s network to steal information.
- The apparent months-long timeline gave the hackers ample time to extract information from many targets.
Who is affected by this?
- The hack is said to have a global effect. This is because the affected software is used in parts of a business where it has the potential to devastate organizations.
- SolarWinds, of Austin, Texas, provides network-monitoring and other technical services to hundreds of thousands of organizations around the world, including most Fortune 500 companies and government agencies in North America, Europe, Asia and the Middle East.
- SolarWinds is working with FireEye as well as the FBI, the intelligence community, and other law enforcement agencies.
- The Pentagon, the Centers for Disease Control and Prevention, the State Department, and the Justice Department, along with the top 10 telecom operators of the US, are said to be affected.
- It has been estimated that over 33000 companies use SolarWinds and are thus affected.
Who is behind the attack?
- SolarWinds said that an outside nation-state tried to infiltrate its systems with malware.
- However, neither the US government nor the affected companies have told the public which nation-state they think is responsible for these attacks.
Cyber defence is hard. However, retaliation against governments responsible for egregious hacks does happen. The United States can now expel diplomats and impose sanctions.
For example, the Obama administration expelled Russian diplomats after Kremlin military hackers meddled in Donald Trump’s favour in the 2016 election. SolarWinds may have to face legal action from its customers and the government agencies that have been affected by the breach.