According to investigators, the global campaign included hackers who inserted their code into regular updates of network-management software sold by a company called SolarWinds. Its products are widely used on corporate and federal networks, and the malware was carefully minimized to avoid detection.
The Austin, Texas-based company says it has more than 300,000 customers, including most of the country’s Fortune 500 companies. However, it is unclear how many of them are using the Orion platform that the Russian hackers infiltrated or if they were all targets.
If the Russia connection is confirmed, it will be the subtlest known theft of American government data by Moscow since a two-year rampage in 2014 and 2015 that gave Russian intelligence agencies access to the unclassified email systems at the White House, the State Department and the Joint Chiefs of Staff. It took years to undo the damage, but President Barack Obama decided at the time not to name the Russians as the perpetrators, a move many in his administration now see as a mistake.
Emboldened, the same group of hackers penetrated the systems of the Democratic National Committee and top officials in Hillary Clinton's campaign, sparking investigations and fears that permeated both the 2016 and 2020 elections. Another, more disruptive Russian intelligence agency, the GRU, is believed to be responsible for posting the emails hacked from the DNC.
"There seem to be a lot of casualties from this campaign, both in government and in the private sector," said Dmitri Alperovitch, chairman of Silverado Policy Accelerator, a geopolitical think tank, who four years ago co-founded CrowdStrike, the cybersecurity company that helped find the Russians in the systems of the Democratic National Committee. "No different from what we saw from this actor in 2014-2015, when it ran a massive campaign and successfully compromised numerous victims."
Russia was one of several countries that also hacked American research institutions and pharmaceutical companies. That summer, Symantec Corporation warned that a Russian ransomware group was taking advantage of the sudden change in American work habits caused by the pandemic and injecting code into corporate networks at unprecedented speeds and breadth.
According to private sector investigators, the attack on FireEye set off a wider hunt to find out where else the Russian hackers might have infiltrated federal and private networks. According to official sources, FireEye provided the NSA and Microsoft with some critical pieces of computer code so they could look for similar attacks on federal systems. That led to the emergency warning last week.