SolarWinds Hack: Was There a Microsoft Backdoor?
By Madz D.
Several organizations are struggling with the effects of the massive hacking incident involving SolarWinds' Orion network management tools. Microsoft revealed that it found "compromised binaries" on its systems.
NASA issued a cybersecurity advisory
According to MSN, on Thursday, NASA sent a cybersecurity advisory that referenced Microsoft products like Active Directory and Azure as tools the hackers targeted to access other resources. Microsoft confirmed in a statement that it had found "malicious binaries" on its systems, but no evidence that anyone had accessed production services or customer data.
According to Reuters, a source said the attackers used Microsoft cloud offerings in the hack. However, Microsoft claims there has been no evidence of this.
According to ZDNet, an alert from the U.S. Cybersecurity and Infrastructure Agency (CISA) revealed that the agency had evidence of "additional access vectors" beyond Orion and the backdoor it contained, and that the investigation continues.
FBI confirmed a number of organizations were hacked
Russian spies are accused of attacking Microsoft and infiltrating the U.S. nuclear weapons stockpile in a massive breach that poses a "grave threat" to America. The ongoing attack had "the hallmarks of the Russian intelligence operation," top senators on the Armed Services Committee reportedly said after the FBI confirmed that several organizations had been hacked.
Officials told Politico that the National Nuclear Security Administration and the Department of Energy (DOE) have proof that their networks were hacked.
According to The Sun, the networks of the DOE and NNSA were also hacked during the "extensive spying operation." The feds had formed a task force to address the attack before it emerged that Microsoft was compromised.
The tech giant was targeted along with government agencies using software from SolarWinds Corp., according to Reuters' sources.
Microsoft products were used for the hack
The hackers reportedly used Microsoft and its products and took advantage of the widespread use of SolarWinds. The publication noted that it is unclear how many Microsoft users are affected by compromised products.
Six federal agencies are affected by the significant breach. Suspicious activity was detected within the Federal Energy Regulatory Commission; Los Alamos and Sandia national laboratories in Washington and New Mexico; the Richland Field Office of the DOE; and the Office of Secure Transportation at NNSA.
More information has yet to be revealed, even though officials say they have "evidence of the highly malicious activity." Two people familiar with the supply chain attack told Bloomberg the alleged Russian attackers also breached three states, but they were not identified.
Moreover, federal officials said the hackers more likely used other ways of infiltrating agencies, which one private company poses a "grave risk" to the U.S., Ars Technica noted.
Also, the cybersecurity agency noted that the insidious attack was carried out as early as March 2020. However, it remained undetected until FireEye, a security firm, revealed hackers had penetrated its network last week. On Wednesday, the FBI said a major "ongoing cybersecurity campaign" was underway after hackers stole federal data.