You’d be forgiven for missing it, but there’s been a extremely significant cyberattack that’s compromised the highest levels of government and commerce over the past few months. It’s a bit complicated, but here’s what’s happened with the SolarWinds breach.
What is SolarWinds?
SolarWinds is a U.S. company that sells network-monitoring and other services to a wide range of big companies and government agencies around the world.
One of the products, Orion, allows organisations to identify problems in their computer networks. Unfortunately it can also help anyone else see those problems (and many details about their networks) if they have access to it.
How did SolarWinds end up being breached?
Earlier this year, malware was inserted into a software update for SolarWinds’ Orion product.
According to the company’s estimations, up to 18,000 of their customers installed the update, which gave the bad actors access to their networks.
While details are still being worked out, it’s believed that the people behind the malware have used this backdoor to siphon data from different organisations and make off with some of their information.
One of SolarWinds customers, FireEye, believes that the bad actors stole the hacking tools developed by the cybersecurity company.
How was the breach discovered?
FireEye first announced the breach earlier this week, saying that a “sophisticated threat actor” had accessed their systems, focusing on their government clients as well as their tools.
Soon after, it was reported a number of companies that all used SolarWinds, and FireEye pointed the finger at the software firm.
Who’s been affected by the breach?
Oooh boy. There’s a few big names here: U.S. Treasury, Department of State, Department of Commerce, Department of Energy and the National Nuclear Security Administration (the one that manages the country’s nuclear weapons!), Microsoft, just to name a few.
Neither SolarWinds nor FireEye has named all of their clients, leaving it to reporters and agencies to reveal information about the breach.
Who’s behind the breach?
No one has been named explicitly. But there have been some strong hints.
FireEye CEO Kevin Mandia said that the breach was likely backed by a “nation with top-tier offensive capabilities”.
An anonymous U.S. official told AP that Russia is suspected. But a spokesperson for Russia denied any involvement.
Has the breach been fixed?
Yes, as far as we know. Earlier this week, domains used by the people behind the breach were seized by Microsoft and used to essentially hijack the network. This allows them to short circuit the network, ending the bad actor’s intruding.