SolarWinds Hack could be a lot bigger than the FBI thought

We already knew that the cyber attack on SolarWinds affected dozens of government agencies and potentially compromised state secrets. A new New York Times report suggests the damage is even more serious: 250 other networks were likely affected by this hack. According to the report, the hackers could even have infiltrated the SolarWinds teams.

Is SolarWinds the only one responsible?

If such a cyber espionage operation could happen, it is because there were several defensive failures. The New York Times report said Cyber Command and the NSA installed warning systems on foreign networks to detect such attacks. It looks like they didn't work.

The report also says that the hackers might have orchestrated this operation from American soil so as not to arouse the suspicion of the authorities. The measures taken to monitor the 2020 US presidential election may have allowed this cyberattack to go smoothly.

According to the New York Times, the hacking could even have started from SolarWinds offices in Eastern European countries such as Belarus, the Czech Republic, and Poland. We know that engineers in these countries had easy access to Orion, the software that is said to have been the starting point of the entire campaign.

The proximity to Russia is perhaps no coincidence either. The report also points to SolarWinds' undeniable slowness in responding to this attack, despite the hiring of several senior security officers in 2017 to meet the requirements of the GDPR.

An attack of unprecedented proportions

For the time being, SolarWinds refuses to acknowledge its responsibility in this matter and prefers to take another position. A spokesman said, “We were the target of a very sophisticated, complex and targeted cyber attack.” In any case, several government agencies were actually affected.

This is particularly true of the U.S. Department of the Treasury, the National Telecommunications and Information Administration (NTIA), the National Institutes of Health (NIH), the Cyber Security and Infrastructure Agency (CISA), and the Department of Homeland Security (DHS).

Microsoft also claimed to have been the victim of a security breach. The company has discovered tampering with its software. This is very bad news, as the hackers have likely used Microsoft products and software to extend their operations to other companies.

It will certainly take a few months, if not several years, to know exactly how the hacking developed and, most importantly, what damage was actually caused.

