Communications at the U.S. Treasury and Commerce Departments were reportedly compromised through a supply chain attack against SolarWinds, a security provider that helps the federal government and a number of Fortune 500 companies monitor the health of their IT networks.
According to Reuters, which broke the news on Sunday, hackers believed to work for Russia have been monitoring internal email traffic at the US Treasury and Commerce Departments. Reuters reported that the hackers were able to hide malicious code in a software update for a tool called Orion, which is typically used to simplify IT administration by providing a single panel for managing various parts of a network.
Earlier this year, hackers believed to be sponsored by the Russian government managed to inject malware into Orion updates released between March 2020 and June 2020, giving them a solid foothold for follow-on attacks against any organization that installed those updates.
SolarWinds, a publicly traded company based in Austin, Texas, is worth over $6 billion. According to the company, it has over 300,000 customers, including more than 425 of the US Fortune 500, all of the top ten US telecom companies, all five branches of the US military, all five of the top five US accounting firms, the Pentagon, the State Department, the National Security Agency, the Department of Justice and the White House.
The Pentagon is the largest customer, with the military and the navy among the major users. The Veterans Affairs Department, which is heavily involved in the U.S. response to Covid-19, is another Orion customer and the largest spender on the tool in recent years. The National Institutes of Health, DHS and the FBI are also among the many branches of the United States government that have previously purchased the tool.
The immediate impact of the revelations is expected to be largely operational, as the Cybersecurity and Infrastructure Security Agency (CISA) has directed civilian government agencies to stop using SolarWinds Orion. “The compromise of SolarWinds’ Orion network management products poses unacceptable risks to the security of federal networks. Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners, in the public and private sectors, to assess their exposure to this compromise and to secure their networks against any exploitation,” said CISA acting director Brandon Wales.
This is the fifth emergency directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015.