Foreign hacking poses a serious risk to US government networks

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an updated alert on Thursday concerning the SolarWinds system management software, saying APT hackers pose a “significant” risk to government and private networks.

CISA’s AA20-352A notice, issued Thursday, said APT hacking groups have been using the opportunity to break into U.S. government agencies, critical infrastructure entities and private companies since at least March 2020. The hackers have shown patience, resources and sustained focus on the attack, and have maintained access to victim networks for a long time.

CISA confirmed that the hacking groups had compromised US government agencies and “critical infrastructure”, and that in doing so they had used sophisticated techniques that make the threat difficult to detect and difficult to remove.

The new alert also said that the compromised SolarWinds Orion supply chain was not the only initial infection vector exploited by the APT hackers, and that not all organizations that had the backdoor delivered through SolarWinds Orion were subsequently targeted by the attackers.

The alert warns that government agencies, critical infrastructure entities and private companies that suspect a breach need to be highly conscious of operational security, including when conducting incident response activities and when planning and implementing remediation plans.

“The threat actors exhibit the complexity and sophistication of the techniques used in these intrusions,” the alert reads. “CISA expects that the removal of a threat actor from a compromised environment will be highly complex and challenging.”

CISA did not disclose which institutions or infrastructure had been compromised. SolarWinds is a provider of network software to the U.S. military and to Dominion, a voting machine company.

Reuters, citing sources, first reported on the 13th that foreign government-backed hackers had been monitoring internal email exchanges at the U.S. Treasury Department and at the Commerce Department agency responsible for Internet and telecommunications policy.

The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) then stepped in to investigate the cyber espionage.

On Thursday night CISA issued Emergency Directive 21-01, asking all federal civilian agencies to review their networks for signs of compromise and to immediately disconnect or power down Orion network management products from SolarWinds, a system management software company.

SolarWinds has said that two updates to the system released this year may contain “potential vulnerabilities”.