A global hack has hit the U.S. government, affecting the Treasury and Commerce departments in a massive cyberspying campaign. Hackers have accessed government networks by installing malicious code into a software update for the Orion security system run by SolarWinds of Austin, TX. The updates created a backdoor entry into private networks once they had been distributed to customers.
The global cybersecurity firm FireEye was also hit by the attack. The hacks were discovered within a week of FireEye’s discovery that foreign government hackers had accessed its own network and stolen the company’s proprietary hacking tools. FireEye reports that it has identified a number of organizations that show signs of compromise.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive ordering all federal civilian agencies to review their networks and, if they are using the SolarWinds Orion product, to power it down immediately. The FBI and the Department of Homeland Security’s cybersecurity arm are investigating the intrusion.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
From the CISA Emergency Directive
The attack has been ongoing for nearly a month, with the seeds for its fruition having been planted in the spring of 2020. Consumers are concerned that their data may have been breached. While it is possible personal data could have been compromised, it is likely not what the hackers were after. This hack was a national security intrusion focused on high-value targets and data. Industry experts said it bears the hallmarks of a Russian cyberattack.