When FireEye discovered that it was hacked this month, the cybersecurity firm’s investigators immediately set about trying to figure out how attackers got past its defenses.
It was not just FireEye that was attacked, they quickly found out. Investigators discovered a backdoor in a product made by one of its software providers, Texas-based SolarWinds.
“We looked through 50,000 lines of source code, which we were able to determine there was a backdoor within SolarWinds,” said Charles Carmakal, senior vice president and chief technical officer at Mandiant, FireEye’s incident response arm.
After discovering the backdoor, FireEye contacted SolarWinds and law enforcement, Carmakal said.
Hackers, suspected to be part of an elite Russian group, planted the backdoor in SolarWinds' software, and the malware then found its way into the systems of SolarWinds customers when they installed the tampered update.
So far, more than 25 entities have been victimized by the attack, according to people familiar with the investigations.
However, SolarWinds has said as many as 18,000 entities might have downloaded the trojanized update.
The attackers targeted and compromised “high-value targets, both government and commercial entities,” Carmakal said.
The hackers who attacked FireEye stole sensitive tools that the company uses to find vulnerabilities in clients’ computer networks.
While the hack on FireEye was embarrassing for a cybersecurity firm, Carmakal said that it might prove to be a crucial mistake for the hackers.
“If this actor didn’t hit FireEye, there is a chance that this campaign could have gone on for much, much longer,” Carmakal said. “One silver lining is that we learned so much about how this threat actor works and shared it with our law enforcement, intelligence community and security partners.”
Carmakal said there is no evidence FireEye’s stolen hacking tools were used against US government agencies.
“There will unfortunately be more victims that have to come forward in the coming weeks and months,” he said.
While some have attributed the attack to a state-sponsored Russian group known as APT 29, or Cozy Bear, FireEye had not yet seen sufficient evidence to name the actor, he said.
A Kremlin official denied that Russia had any involvement.
FireEye’s investigation revealed that the hack on the company was part of a global campaign by a highly sophisticated hacker that also targeted “government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East,” the company said in a blog post on Sunday night. “We anticipate there are additional victims in other countries and verticals.”
The US Department of Commerce confirmed a breach in one of its bureaus, and Reuters reported that the US Department of Homeland Security and the US Department of the Treasury were also attacked as part of the suspected Russian hacking spree.
Carmakal said the hackers took advanced steps to conceal their actions.
“Their level of operational security is truly exceptional,” he said, adding that, to evade detection, the hackers would operate from servers based in the same city as the employee they were impersonating.
The hackers were able to breach US government entities by first attacking SolarWinds, the IT software provider. By compromising the software that government entities and corporations use to monitor their networks, the hackers gained a foothold in those networks and dug deeper, all while their activity blended in with the monitoring product's legitimate traffic.
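The difficulty described above is that a network-monitoring server legitimately talks to every host it manages, so its internal traffic offers little to alert on. What a defender can still baseline is that server's outbound set: the external destinations it reaches should be small and stable (vendor update and licensing endpoints), so a new external destination contacted on a schedule stands out. The script below is an added example, not code from the article, FireEye or SolarWinds; the flow-record format, the monitoring host's address (10.0.0.5), the internal range (10.0.0.0/8) and the log lines are all constructed for the demonstration.

```python
"""
Added example: baseline the external destinations of a network-monitoring
host from a period believed clean, then flag later outbound connections
to destinations never seen before. All addresses, the CSV flow format and
the log lines are constructed for this demonstration.
"""
from collections import Counter
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    bytes_out: int


# Assumption: the organisation's internal address space is 10.0.0.0/8.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Assumption: the monitoring server's address.
MONITOR = "10.0.0.5"


def parse_flows(lines):
    """Parse constructed 'ts,src,dst,dport,bytes' lines; skip blanks and comments."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, nbytes = line.split(",")
        flows.append(Flow(ts, src, dst, int(dport), int(nbytes)))
    return flows


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL


def outbound_baseline(flows, monitor_ip):
    """(dst, dport) pairs the monitor reached outside the internal range
    during the clean period; everything else it touches is expected noise."""
    return {(f.dst, f.dport) for f in flows
            if f.src == monitor_ip and not is_internal(f.dst)}


def flag_new_destinations(flows, monitor_ip, baseline):
    """Return the monitor's external flows not covered by the baseline,
    plus a count per (dst, dport) so repeated, beacon-like hits rank first."""
    new = [f for f in flows
           if f.src == monitor_ip
           and not is_internal(f.dst)
           and (f.dst, f.dport) not in baseline]
    return new, Counter((f.dst, f.dport) for f in new)


# Constructed clean-period flows: SNMP polling of internal hosts plus
# hourly HTTPS to a single vendor address.
BASELINE_LOG = """
2020-11-01T00:00:00Z,10.0.0.5,10.0.1.10,161,400
2020-11-01T00:00:05Z,10.0.0.5,10.0.1.11,161,400
2020-11-01T01:00:00Z,10.0.0.5,203.0.113.10,443,12000
2020-11-02T01:00:00Z,10.0.0.5,203.0.113.10,443,12000
"""

# Constructed later flows: same polling, same vendor, plus a new external
# host contacted hourly. The final line is inbound and must be ignored.
LATER_LOG = """
2020-12-01T00:00:00Z,10.0.0.5,10.0.1.10,161,400
2020-12-01T01:00:00Z,10.0.0.5,203.0.113.10,443,12000
2020-12-01T02:00:00Z,10.0.0.5,198.51.100.7,443,900
2020-12-01T03:00:00Z,10.0.0.5,198.51.100.7,443,910
2020-12-01T04:00:00Z,10.0.0.5,198.51.100.7,443,905
2020-12-01T05:00:00Z,10.0.1.10,10.0.0.5,161,400
"""


def run():
    """Build the baseline from the clean log and score the later log."""
    base = outbound_baseline(parse_flows(BASELINE_LOG.splitlines()), MONITOR)
    new, counts = flag_new_destinations(
        parse_flows(LATER_LOG.splitlines()), MONITOR, base)
    return base, new, counts


if __name__ == "__main__":
    base, new, counts = run()
    print("baseline external destinations:", sorted(base))
    for (dst, port), n in counts.most_common():
        print(f"NEW external destination {dst}:{port} hit {n} times")
```

The check deliberately ignores the monitor's internal traffic, because that is exactly where a compromised monitoring product looks legitimate; it only asks whether the server has started talking to the outside world somewhere it never did before. Note that 10.0.0.0/8 is declared explicitly rather than relying on `ipaddress.is_private`, which also treats documentation ranges such as 203.0.113.0/24 as private and would hide the vendor endpoint used here.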