Communications at the U.S. Treasury and Commerce departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks.
According to Reuters, which broke the news on Sunday, hackers believed to work for Russia monitored internal email traffic at the U.S. Treasury and Commerce departments. Reuters reported that the hackers managed to hide malicious code in a software update for a tool called Orion, which is commonly used to simplify IT management with a simple dashboard for managing various parts of a network.
Earlier this year, hackers believed to be sponsored by the Russian government managed to inject malware into Orion updates released between March 2020 and June 2020, which gave them a strong foothold for further hacking.
SolarWinds is a publicly listed company based in Austin, Texas, worth more than $6 billion. According to the company, it has more than 300,000 customers, including more than 425 of the U.S. Fortune 500, all ten of the top 10 U.S. telecommunications companies, all five branches of the U.S. military, all five of the top five U.S. accounting firms, the Pentagon, the State Department, the National Security Agency, the Justice Department and the White House.
The Pentagon is the largest customer, as the military and navy are big users. The Department of Veterans Affairs, which is heavily involved in the U.S. response to Covid-19, is another Orion customer and the tool’s largest spender in recent years. The National Institutes of Health, DHS and FBI are also among the many branches of the U.S. government that have previously purchased the tool.
The immediate impact of the revelations is expected to be only functional, as the Cybersecurity and Infrastructure Security Agency (CISA) has recommended that government civilian agencies stop using SolarWinds Orion. “SolarWinds’ Orion Network Administration Products Commitment poses unacceptable risks to the security of federal networks. This evening’s directive aims to mitigate potential compromises in federal civilian networks, and we urge all our partners – in the public and private sectors – to assess their exposure to this compromise and secure their networks against any exploitation,” said the interim director of CISA, Brandon Wales.
This is the fifth urgent directive issued by CISA under the authorities granted by Congress in the 2015 cybersecurity law.