If 2020 has been known for anything in the internet security space, it has been the proliferation of cyber threats and attacks. It appears that a major U.S. government contractor is the latest high-profile victim of a security breach.
A Months-Long Operation
Statements from the United States Department of Homeland Security and cybersecurity firm FireEye confirmed hackers had broken into Orion, an IT management and monitoring tool used by several Fortune 500 companies.
The FireEye report explained that the tool, developed by Oklahoma-based software company SolarWinds, is regularly used by government and businesses in Europe, North America, the Middle East, and Asia. FireEye explained that the hack appeared to have begun as far back as early spring 2020, when the hackers injected their malware into the tool’s software updates.
Some of the government agencies that use SolarWinds include the Homeland Security Department, the Department of Commerce, and the National Telecommunications and Information Administration (NTIA).
A further account from cybersecurity journalist Kim Zetter explained that the hackers had infected Orion’s software with malicious code without SolarWinds’ consent. The malicious code eventually got distributed to customers.
“That malicious code, once it infected customer systems, opened a backdoor into those systems and contacted the hackers to let them know the door was open for them to surreptitiously enter those systems and begin stealing sensitive data on those networks,” Zetter explained.
Zetter added that because the activity was only recently discovered, the hackers have been spying on government officials and workers without anyone finding out.
For its part, SolarWinds explained in a statement that it had only recently become aware of the threat. The company confirmed that it had found vulnerabilities in versions of the Orion software released between March and July. SolarWinds also confirmed that it has been collaborating with cybersecurity firms and the FBI on investigations, hoping to find a way forward soon.
Possibly More to Come
Several other news sources have tried to find out who could have been behind the attacks. A Reuters report suggests that the Kremlin could have sponsored the hackers as part of a broader espionage campaign against the United States and its interests.
The incident also comes less than a month after the firing of Chris Krebs, the cybersecurity chief at the Homeland Security Department. However, as reports have now confirmed, the campaign has been going on for months.
While this hack has reportedly been going on for months, it appears to be a precursor to what could come. Late last month, cybersecurity firm Kaspersky Labs forecasted that the economic building period following the coronavirus pandemic would involve an uptick in security breaches.
As the company explained, the post-COVID-19 era will see more people slide into extreme poverty and get desperate to make ends meet. This will lead them to turn to cybercrime. The report also explained that many of these criminals would turn to cryptocurrencies, capitalizing on their censorship-resistant nature.