A sophisticated cyberattack that began earlier this year has government agencies and major corporations on edge. According to reports, beginning in March, the perpetrators were able to sneak code into a popular product from software developer SolarWinds, giving hackers the ability to access and steal from within an organization’s network.
The FBI said the attack came from an outside “nation-state.” Russia—the top suspect by many security experts—denied involvement Monday. The Washington Post said it was a Russian group known as “APT29” or “Cozy Bear,” hackers affiliated with the Kremlin’s intelligence services.
The theft is unsettling because of what isn’t yet known. A national leader in cybersecurity, FireEye, discovered the hack when it was found to be a victim. The California company’s chief executive officer, Kevin Mandia, wrote in a blog last week: “Based on my 25 years in cybersecurity and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities. This attack … used a novel combination of techniques not witnessed by us or our partners in the past.”
Texas-based SolarWinds, which manufactures the network-management software manipulated in the hack, said Monday that “fewer than 18,000” of its customers may have been affected. The company’s 300,000 customers worldwide include the Pentagon and the White House.
U.S. targets included the Treasury, Commerce, and Homeland Security departments and could have had targets including coronavirus pandemic solutions and the U.S. presidential and congressional elections.
“It’s not about quantity, it’s about quality” of targets, John Hultquist, manager of analysis at FireEye, said in the Washington Post story. “SolarWinds was clearly a door that they could walk through. We’re shutting this door. But they’re still in these organizations. There are a lot of information security teams right now who are probably going to be working on this problem through Christmas.”