Security News > 2020 > December > US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also installed backdoor
America's nuclear weapons agency was hacked by the suspected Russian spies who backdoored SolarWinds' IT monitoring software and compromised several US government bodies, and Microsoft was caught up in the same cyber-storm, too, it was reported Thursday.
The Windows giant uses SolarWinds' network management suite Orion, downloads of which were secretly trojanized earlier this year so that when installed within certain targets - such as the US government departments of State, Treasury, Homeland Security, and Commerce - the malicious code's masterminds could slip into their victims' networks, execute commands, read emails, steal data, and so on.
While Microsoft's comms veep Frank Shaw confirmed the Redmond mega-corp is a SolarWinds user and had installed the tainted Orion updates, he said no evidence could be found that production systems and customer data was accessed by the suspected Russian foreign intelligence snoops.
FireEye - which has been investigating the Orion fiasco after it was hacked by some means by, again, allegedly Russia - told us that the infosec giant worked with GoDaddy and Microsoft to activate a remote killswitch within the backdoor smuggled into the Orion updates.
America's US Cybersecurity and Infrastructure Security Agency issued an alert on Thursday that SolarWinds was not the only way America's servers have been pwned this year by what is believed to be APT29, saying that it has detected multiple intrusions, some persistent, in a campaign that has been ongoing since at least March, not all involving SolarWinds.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/12/18/solarwinds_nnsa_microsoft_cisa/
Related news
- US Government, Microsoft Aim to Disrupt Russian threat actor ‘Star Blizzard’ (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown (source)
- AT&T, Verizon reportedly hacked to target US govt wiretapping platform (source)
- China Possibly Hacking US “Lawful Access” Backdoor (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Russian spies use remote desktop protocol files in unusual mass phishing drive (source)
- US warns of last-minute Iranian and Russian election influence ops (source)
- Russian suspected Phobos ransomware admin extradited to US over $16M extortion (source)