Private and public agencies and organizations worldwide are trying to determine whether they have already been attacked. Everyone is also trying to determine whether the attack was part of one of the most extensive Russian hacking operations in years.
The problem continues almost 48 hours after US authorities issued an emergency notice on Sunday, December 13. According to the mandate, all government users are to disconnect from SolarWinds, a breached network management software.
According to TrustedSec’s CEO David Kennedy, SolarWinds provides incredible monitoring across a company’s complete IT stack. This means that whoever successfully breaks into the system gains a very high level of access to every client system. Kennedy, an expert hacker, says that the pattern of attack is not easily recognizable by any company.
The National Security Agency employee points out the attack’s stealthy nature and its use of legitimate software to carry out the work. Kennedy states that this is why the Russian hacking operations were so dangerous. It also means that the American State Department, parts of the Defense Department, and the DHS (Department of Homeland Security) are now finally figuring out the attack.
The scale of the Russian hacking operations
All of the government departments mentioned above are making thorough assessments to determine the real loss. There is now confirmation of a breach in the Commerce and Treasury Departments. In addition, the experts believe that the activities are part of more significant Russian hacking operations.
SolarWinds’ clientele covers approximately 300,000 companies. These include very sensitive federal offices such as the Disease Control Centers and the Justice Department. There are several private organizations on the list too. Almost every Fortune 500 organization uses some SolarWinds product for network scanning. This includes big defense contractors like Boeing.
According to the company’s official statement, no more than 18,000 people used the malicious software, which allowed hackers to break into systems and steal data for almost nine months. In one of its regulatory notices, SolarWinds reveals that the malicious tools were inserted into the Orion network software updates. The activity took place somewhere between March and June 2020.
In its official announcement, the company states that its advisors believe the incident was part of an extremely targeted and sophisticated supply chain attack by outsiders. However, there is still no clarity about the identity of the attacker, although cyber experts suspect Moscow. Russia, for its part, is denying all the allegations, stating that they are vague.
What is the motive of the attacks?
All the preliminary reviews point to a common conclusion. The experts are sure that the sophistication of the attacks shows it is the work of Russia’s Foreign Intelligence Agency. They believe that the SVR is the main culprit behind the planning of the massive attacks. Moreover, its main plan is to recruit hackers who can derive vital information from targeted sources.
The Chief Tech Officer of CRITICALSTART, Randy Watkins, says that if we consider the list of companies associated with SolarWinds, the attacks are nothing short of national insecurity. There is undoubtedly a lot of argument regarding the real motive of the attackers, probably Russia. Some of the most common guesses include the derivation of military strategy, policy leverage, system designs, or weapon thefts.
Kennedy, the former expert hacker, also agrees with Randy’s statement. Kennedy states that he believes the Russian motive was to derive technology and military secrets. Surveillance of the US government is another probable motive. However, the scope of the breach is still not clear, and American agencies are trying to determine the amount of damage. Kennedy rightly says that the attacks were warnings for all organizations and government agencies. It is time to wake up and check whether people are safe in the country.