What has happened?
- The ‘SolarWinds hack’, a cyberattack recently discovered in the United States, has emerged as one of the biggest ever targeted against the US government, its agencies and several other private
- It was first discovered by US cybersecurity company
So, what is this ‘SolarWinds hack’?
- News of the cyberattack technically first broke on December 8, when FireEye put out a blog detecting an attack on its systems.
- The firm helps with security management of several big private companies and federal government agencies.
- FireEye CEO Kevin Mandia wrote in a blogpost that the company was “attacked by a highly sophisticated threat actor”, calling it a state-sponsored attack, although it did not name Russia.
- It said the attack was carried out by a nation “with top-tier offensive capabilities”, and “the attacker primarily sought information related to certain government customers.”
- It also said the methods used by the attackers were novel.
- Then, on December 13, FireEye said the cyberattack, which it named Campaign UNC2452, was not limited to the company but had targeted various “public and private organisations around the world”.
- The campaign likely began in “March 2020 and has been ongoing for months”, the post said.
- Worse, the extent of data stolen or compromised is still unknown, because the scale of the attack is still being discovered.
How did so many US government agencies and companies get attacked?
- This is being called a ‘Supply Chain’ attack: instead of directly attacking the federal government’s or a private organisation’s network, the hackers target a third-party vendor that supplies software to them.
- In this case, the target was an IT management software called Orion, supplied by the Texas-based company
- Orion has been a dominant SolarWinds product, with a client base that includes over 33,000 companies.
- SolarWinds says 18,000 of its clients have been impacted.
- The list includes 425 Fortune 500 companies and the top 10 telecom operators in the US.
- The Pentagon, Centers for Disease Control and Prevention, the State Department, the Justice Department, and others, were all impacted.
How did hackers gain access?
- According to FireEye, the hackers gained “access to victims via trojanized updates to SolarWinds’ Orion IT monitoring and management software”.
- In short, a software update was abused to install the ‘Sunburst’ malware into Orion, which was then installed by more than 17,000
- The attackers relied on “multiple techniques” to avoid being detected and “obscure their activity”.
- The malware was capable of accessing the system files.
- Once installed, the malware gave the hackers a backdoor into the systems and networks of SolarWinds’ customers.
- More importantly, the malware was also able to evade tools such as anti-virus software that could otherwise have detected it.
Where does Russia come in?
- A New York Times opinion article named Russia and its intelligence agency, the SVR, as having the capabilities to execute an attack of such ingenuity and scale.
- FireEye, however, has not yet named Russia as being responsible and said it is an ongoing investigation with the FBI, Microsoft, and other key partners who are not named.
What has the US government said?
- The FBI, CISA and the Office of the Director of National Intelligence issued a joint statement announcing what is called the ‘Cyber Unified Coordination Group (UCG)’ to coordinate the government’s response to the crisis.
- The statement calls this a “significant and ongoing cybersecurity campaign.”
- The White House and President Donald Trump have been silent.
Q) The BlackRock Android malware, recently in the news, is what type of malware?
- Virus
- Spyware
- Trojans
- Ransomware