New details of the SolarWinds hack: the US Department of Justice was also hit by the attack
New details of the SolarWinds hack have emerged; the recent compromise has already led to serious consequences. Let me remind you that unknown attackers broke into SolarWinds and trojanized its Orion platform with malware.
Among the victims were such giants as Microsoft, Cisco and FireEye, as well as many US government agencies, including the State Department and the National Nuclear Security Administration.
Let me remind you that cybersecurity experts are compiling lists of companies affected by the SolarWinds hack.
In early January, representatives of the US Department of Justice confirmed that the department had also been affected by the SolarWinds hack. Worse, the agency was one of the few victims in whose network the attackers continued to develop the intrusion and eventually gained access to internal mailboxes.
“Currently it is known that the number of potentially accessible O365 (Microsoft Office 365) mailboxes was limited to about 3%, and we have no evidence that any classified systems were affected,” the official press release says.
Based on the Department of Justice's estimated staff of approximately 100,000 to 115,000, the number of affected mailboxes would be in the range of 3,000 to 3,450. It is reported that the attackers' backdoor has already been eliminated.
Also in early January 2021, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence (ODNI) issued a joint statement. The agencies said that Russia was most likely behind the compromise of SolarWinds and its customers.
Officials say that an unnamed APT group “likely of Russian origin” is behind this massive supply-chain attack. The SolarWinds hack itself was described by officials as “an attempt to gather intelligence data.”
In essence, the agencies' joint statement echoed information published by the Washington Post last December. At that time, journalists, citing their own sources, wrote that the attack was linked to the well-known Russian-speaking hacking group APT29 (aka Cozy Bear and The Dukes), which, according to experts, operates under the auspices of the Russian authorities.
It should be said that experts from FireEye and Microsoft, who studied the incident thoroughly, said nothing about the possible attribution of the attack. Instead, FireEye gave the group the neutral codename UNC2452 and said the attack was not aimed specifically at the United States.
The New York Times and the Wall Street Journal published reports alleging that JetBrains was under investigation for possible involvement in the SolarWinds hack.
Reporters, citing their own government sources, wrote that US officials are considering a scenario in which Russian hackers could have broken into JetBrains and then launched attacks on its customers, one of which is SolarWinds. In particular, investigators believe the attackers may have targeted TeamCity, JetBrains' continuous-integration (build) server.
In response, JetBrains CEO Maxim Shafirov published a post on the company's blog in which he said that nobody at JetBrains knew of any such investigation, and that SolarWinds representatives had not contacted JetBrains or provided any details about the incident, although SolarWinds does indeed use TeamCity.
“It is important to emphasize that TeamCity is a complex product that requires proper configuration. If TeamCity was somehow exploited in the [hacking] process, it could be due to a misconfiguration, and not due to a specific vulnerability. We have not been contacted by any government or security agency on this matter, and we do not know that any investigation is underway. If such an investigation is indeed carried out, the authorities can count on our full cooperation,” Shafirov says.
Let me remind you that it was also reported earlier that security vendor FireEye and US authorities were hit by the SUNBURST malware attack.