Microsoft, the US Department of Justice and Mandiant (a security and digital forensics firm): what do they all have in common?
A trojan horse attack, delivered in the form of a recent update to the widely used Orion network management system supplied by SolarWinds, the largest digital provider in America, which supplies 425 of the US Fortune 500, all five branches of the US military and even NASA. So where, when and how did this havoc start?
Though not confirmed, it is suspected that the hacking group referred to as APT29 began their attack as early as January 2019 through a backdoor (malicious code that allows access to a system by bypassing its authentication procedures). This gave them almost two years’ worth of intelligence gathering on SolarWinds: monitoring staff emails, viewing company code and stealing data. This is a terrifying prospect for everyone involved, especially when you consider that SolarWinds supplies software to US nuclear weapon facilities.
After this period of spying, APT29 began the first of many supply chain attacks (a cyber attack directed at an organization that supplies many other companies, in order to gain access to those companies and steal from them). Before software can be installed on a device, the code written by humans must be compiled into binary that the machine understands. Within this process, security measures check that the code has not been altered and is safe to ship; however, the hackers were cleverly able to write code that shut down this security check, allowing them to insert over four thousand lines’ worth of malware into the Orion system.
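The check described above, which is meant to catch source code altered before compilation, can be implemented as a manifest of file hashes recorded from the reviewed sources and re-verified at build time. The following is an added example written for this page, not SolarWinds’ own build tooling; the file names and the tampering scenario are constructed. Its value depends on the check running somewhere the build host cannot disable it, which is exactly the control the attackers defeated.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large sources are handled."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map every file under root (POSIX relative path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def verify_source_tree(root: Path, trusted: dict) -> dict:
    """Compare the tree against a trusted manifest recorded from reviewed sources.
    Any non-empty finding should fail the build, not just log a warning."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in trusted if k in current and current[k] != trusted[k]),
        "missing": sorted(k for k in trusted if k not in current),
        "unexpected": sorted(k for k in current if k not in trusted),
    }

def demo() -> dict:
    """Constructed scenario: sources change between review and compilation."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "Core").mkdir()
        (root / "Core" / "Main.cs").write_text("class Main { }\n")
        (root / "Core" / "Util.cs").write_text("class Util { }\n")
        trusted = build_manifest(root)  # recorded when the code was reviewed
        # Simulated tampering on the build host: one file rewritten, one dropped in
        (root / "Core" / "Main.cs").write_text("class Main { /* injected */ }\n")
        (root / "Core" / "Extra.cs").write_text("class Extra { }\n")
        return verify_source_tree(root, trusted)

if __name__ == "__main__":
    print(demo())
```

Storing the trusted manifest outside the build host (for example signed in source control) is what keeps a compromised build step from simply rewriting it.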
The Orion update became available for download in March 2020, and this is when the true horrors took place. The malware was able to delete all anti-virus checks, allowing it to remain undetected. It then began to send private information such as IP addresses (a unique address assigned to every networked computer), operating system details, usernames and passwords back to the hackers’ command and control servers. After reviewing this information, they were able to decide whether or not to continue manually pursuing the company’s data.
Later, the hackers initiated their attack known as ‘Teardrop’, allowing them to detect vulnerabilities in the companies’ networks and access even more data. However, not long after this new installation, teams at several tech companies, including Microsoft, began working on methods to counter this intrusion. After careful planning, they were able to take control of the hackers’ domains and redirect their traffic to a site that would permanently deactivate the malware.
Due to the sophistication of this cyber espionage, it is still unknown just how much was stolen or illegally modified. It also remains a mystery how the hackers gained access to SolarWinds servers in the first place, as all network records dating back to 2019 have been deleted.
The FBI was quick to begin hunting down these cyber criminals, and it was soon suspected that the attack was of Russian origin. This was, of course, a major concern to everyone involved in the American military and government, as confidential information from them had been specifically targeted. At President Joe Biden’s meeting with Vladimir Putin, the Russian president claimed to have no knowledge of the attack or the hacking group involved; however, this could very well be false. Some members of the US government felt it necessary to escalate tensions with Russia over the SolarWinds attack, with some even wishing to go to war. Joe Biden refused to proceed with such ideas, suspecting they would have dire outcomes for everyone involved.
As cyber attacks become more commonplace, it is important to know how to keep yourself protected online. Some strategies include: not using the same password for all of your online accounts; setting up two-factor authentication, such as a fingerprint or face ID; avoiding clicking on links and downloading files from untrustworthy sites; and using a VPN (Virtual Private Network) to keep your data private and protected while browsing the web.