Security News

Microsoft has confirmed that they were hacked in the recent SolarWinds attacks but denied that their software was compromised in a supply-chain attack to infect customers. Tonight, Reuters released a report stating that sources indicated that Microsoft was not only compromised in the SolarWinds supply-chain attack but also had their software modified to distribute malicious files to its clients.

Few people were aware of SolarWinds, a Texas-based software company providing vital computer network monitoring services to major corporations and government agencies worldwide. It's raising questions about whether company insiders knew of its security vulnerabilities as its biggest investors sold off stock.

The US Cybersecurity and Infrastructure Security Agency said that the APT group behind the recent compromise campaign targeting US government agencies used more than one initial access vector. "CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated. CISA will update this Alert as new information becomes available," the agency said.

A killswitch has been identified and activated for one of the pieces of malware delivered by threat actors as part of the attack targeting IT management and monitoring firm SolarWinds and its customers. FireEye, which disclosed the attack earlier this month after the threat actor managed to breach its systems and steal some Red Team tools, revealed that the attacker had compromised SolarWinds systems and used its access to deliver a piece of malware named SUNBURST. The malware, which is configured to remain dormant for a certain period after installation, is capable of collecting information about the infected computer, downloading and executing code, creating and deleting files, reading and manipulating registry entries, and rebooting the system.

The European Union unveiled Wednesday plans to revamp the 27-nation bloc's dated cybersecurity rules, just days after data on a new coronavirus vaccine was unlawfully accessed in a hack attack on the European Medicines Agency. The EU last year recorded around 450 cyber incidents involving European infrastructure, notably in the financial and energy sectors, and the pandemic has highlighted Europe's deep dependence on the internet and exposed security weaknesses.

The compromise of multiple US federal networks following the SolarWinds breach was officially confirmed for the first time in a joint statement released earlier today by the FBI, DHS-CISA, and the Office of the Director of National Intelligence. The National Security Council has established a Cyber Unified Coordination Group following the SolarWinds breach to help the intelligence agencies better coordinate the US government's response efforts surrounding this ongoing espionage campaign.

Two Silicon Valley VC firms, Silver Lake and Thoma Bravo, sold hundreds of millions of dollars in SolarWinds shares just days before the software biz emerged at the center of a massive hacking campaign. The two firms owned 70 per cent of SolarWinds, which produces networking monitoring software that was backdoored by what is thought to be state-sponsored Russian spies.

A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a "Killswitch" designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned. FireEye said hacked networks were seen communicating with a malicious domain name - avsvmcloud[.

Some of America's most deeply held secrets may have been stolen in a disciplined, monthslong operation being blamed on elite Russian government hackers. Thomas Rid, a Johns Hopkins cyberconflict expert, said the campaign's likely efficacy can be compared to Russia's three-year 1990s "Moonlight Maze" hacking of U.S. government targets, including NASA and the Pentagon.

Using indicators of compromise made available by FireEye, threat intelligence and incident response firm Volexity determined that the threat group behind the SolarWinds hack targeted a U.S. think tank earlier this year, and it used a clever method to bypass multi-factor authentication and access emails. "At the time of the investigation, Volexity deduced that the likely infection was the result of the SolarWinds box on the target network; however, it was not fully understood exactly how the breach occurred, therefore Volexity was not in a position to report the circumstances surrounding the breach to SolarWinds," Volexity said.