UPDATED 20:07 EST / DECEMBER 17 2020

SECURITY

Latest SolarWinds victims reportedly include nuclear weapons agency and Microsoft

The number of potential victims in the SolarWinds WorldWide LLC hack continues to rise today, as the U.S. Energy Department and National Nuclear Security Administration are believed to have been compromised — along with Microsoft Corp., though the software giant strongly denies it.

The hack, first reported Sunday and blamed on Russian state-sponsored hackers, came about after SolarWinds pushed trojanized updates of its Orion software to some 18,000 of its customers between March and June. The hack was first reported to have affected the U.S. Commerce and Treasury Departments, with the Department of Homeland Security also affected. A report Tuesday added the State Department and the National Institutes of Health to the list.

The addition of the DOE and the NNSA was first reported by Politico, which said officials from both had begun to coordinate notifications to their congressional oversight bodies. In particular, suspicious activity related to the SolarWinds hack is said to have been found at the Federal Energy Regulatory Commission, the Los Alamos National Laboratory, the Sandia National Laboratories, the Office of Secure Transportation at NNSA and the Richland Field Office of the DOE.

Hopefully, most won’t need a history lesson, but Los Alamos National Laboratory was the Manhattan Project’s weapons laboratory, where the first nuclear weapons were designed and built, and it continues to serve today as a major center for research in fields such as national security, space exploration, nuclear fusion and nanotechnology. Sandia National Laboratories is a key research facility for the development of non-nuclear components of nuclear weapons.

The Politico report noted that FERC had been the hardest-hit, with evidence of “highly malicious activity.”

Additional U.S. government agencies being caught up in the SolarWinds hack is not a great surprise, since SolarWinds’ Orion information technology monitoring and management software is known to be used across many government departments. But the report that Microsoft was also a potential victim is surprising.

Reuters, citing people familiar with the matter, said Microsoft was hacked by the same group that exploited the SolarWinds compromise. The report added that after breaching Microsoft, the hackers used Microsoft’s own products in follow-on attacks against others.

Microsoft is denying the report, however. Microsoft President Brad Smith told Nicole Perlroth at the New York Times that the Reuters report is false. “We have no indication of this,” Smith said. “We also want to reassure our customers that we have not identified any Microsoft product or cloud service vulnerabilities in these investigations.”

Separately, Microsoft said in a statement to ZDNet that it had found trojanized SolarWinds Orion binaries in its environment but no evidence that the attackers pivoted to production systems.

“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed,” Microsoft said. “We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.”

Microsoft has been working with customers to mitigate the risk presented by the SolarWinds compromise, joining the effort to seize and “sinkhole” a command-and-control domain that played a central role in the attack. Its Microsoft Defender antivirus has also begun blocking and quarantining versions of the SolarWinds Orion software known to be compromised.

Warning that there is likely worse news to come, Brandon Hoffman, chief information security officer at IT service management firm Netenrich Inc., told SiliconANGLE that more evidence of compromise almost certainly will be found.

“The government needs to really step up and prepare for the fallout of all this data loss,” Hoffman said. “Claiming we don’t know will not satisfy the public about the state of national security. There needs to be some level of transparency about what was taken and how we plan to respond based on all the potential ways this data can be used.”

Tom Pendergast, chief learning officer at cybersecurity and privacy education company MediaPro Holdings LLC, gave a stark warning, noting that “the fact that nation-state actors had months of gathering inside information that they could use to extort or manipulate employees within the breached companies and departments should prompt immediate planning to prepare employees to fend off social engineering attempts that utilize this information.

“Imagine how easy it would be to scam an employee if you could examine all their communications,” Pendergast added. “This is a ticking time bomb that may take many years to explode.”

Photo: Pixahive
