US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also installed backdoor
America's nuclear weapons agency was hacked by the suspected Russian spies who backdoored SolarWinds' IT monitoring software and compromised several US government bodies, and Microsoft was caught up in the same cyber-storm, too, it was reported Thursday.
The Windows giant uses SolarWinds' network management suite Orion, downloads of which were secretly trojanized earlier this year so that when installed within certain targets - such as the US government departments of State, Treasury, Homeland Security, and Commerce - the malicious code's masterminds could slip into their victims' networks, execute commands, read emails, steal data, and so on.
While Microsoft's comms veep Frank Shaw confirmed the Redmond mega-corp is a SolarWinds customer and had installed the tainted Orion updates, he said no evidence had been found that production systems or customer data were accessed by the suspected Russian foreign-intelligence snoops.
FireEye - which has been investigating the Orion fiasco after it was itself hacked, again allegedly by Russia, by as-yet-unexplained means - told us that the infosec giant worked with GoDaddy and Microsoft to activate a remote killswitch within the backdoor smuggled into the Orion updates.
The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Thursday saying that the trojanized SolarWinds software was not the only way America's servers have been pwned this year by what is believed to be APT29: the agency has detected multiple intrusions, some persistent, in a campaign that has been ongoing since at least March, not all of which involved SolarWinds.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/12/18/solarwinds_nnsa_microsoft_cisa/