APT hackers also compromised a U.S. county government in Arizona as well as major network providers in the massive breach of the software company SolarWinds.
In a massive breach of software company SolarWinds, the latest news reveals that APT hackers also compromised the Pima County government in Arizona, USA, as well as major network providers.
The hackers first gained access to federal agency networks by compromising the Orion product of SolarWinds, which sells IT management products to hundreds of government and private sector customers.
U.S. media reported Friday (Dec. 18) that hackers breached the systems of Cox Communications, a major cable Internet provider in Pima County, Arizona, and across the United States.
Reuters confirmed that hackers breached the Arizona county government as well as major Internet providers after running the script code (titled CNAME) released by Russian antivirus software maker Kaspersky Lab on Friday (11).
Records show that backdoors for Pima County and Cox Communications were activated by hackers in June and July of this year, the peak of this hacking activity identified by investigators.
Pima County Chief Information Officer Dan Hunt said his team has heeded federal advice to disconnect SolarWinds software. He said investigators have not found any evidence of further intrusions.
A spokesman for Cox Communications said the company is working “around the clock” with the help of outside security experts to assess the damage of the breach.
The massive cyberattack by hackers could result in 18,000 organizations or businesses worldwide becoming victims, including government departments, large corporations and private companies.
The hack was first reported by cybersecurity firm FireEye, one of SolarWinds’ customers.
The massive cyber attack has now affected several U.S. government agencies, including the Departments of Defense, State, Homeland Security, Energy, Treasury, and Commerce.
In the latest news, the U.S. Department of Energy confirmed Thursday (Dec. 17) that the APT hacking group also compromised the National Nuclear Security Administration (NNSA) system, which maintains the U.S. nuclear weapons stockpile.
The hack is believed to be the largest ever discovered, and the U.S. government has formed an interagency task force to address the threat.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an updated alert related to SolarWinds earlier Thursday, saying the APT hacker group poses a “serious” risk to government and private networks.
The APT hackers, who have been hacking U.S. networks on a large scale since at least March 2020, have shown patience, resources and focus in their attacks, and they have been active on victims' networks for a long time. In the breach, the hackers used sophisticated technical methods that made the cyber threat difficult to detect and difficult to remove.
CISA’s new alert also says that the compromised SolarWinds Orion supply chain was not the only initial infection vector used by the APT hacking group, and that not all organizations that were delivered backdoors through SolarWinds Orion were targeted by the attackers.
The Cybersecurity and Infrastructure Security Agency (CISA) said Thursday that the hacking campaign against the federal government was on a larger scale than previously known.
Technology company Microsoft said Thursday that malware was also found on its systems. About 30 of the affected customers are located in the United States, the company said.
Microsoft President Brad Smith said in a blog post that hackers gained access to backdoors through other means, but “it’s safe to assume that the number and location of victims will continue to grow.”