SolarWinds cannot get out of the negative headlines. Just last week, the new SolarWinds boss had to admit that the attackers on the company's Office 365 mail system had not been identified for nine months. Chinese attackers are now suspected of attacking a U.S. tax authority and stealing personal data from thousands of employees.
The Russian hack was the start
In December 2020, attacks on various U.S. authorities became public. A Russian state-sponsored group is said to be responsible for the successful break-in at IT security firm FireEye, using compromised updates to the Orion network management software from SolarWinds as the attack tool. The attackers placed these on the company's update server, where they were issued with a valid SolarWinds digital signature, and from there they reached the target systems.
Last week, a Trustwave employee discovered three vulnerabilities in SolarWinds products. Two of them, including the most dangerous one, which is remotely exploitable, concern Orion; the other is in the FTP server software Serv-U FTP. SolarWinds has already released emergency updates to close the dangerous gaps.
Sudhakar Ramakrishna, the new CEO of SolarWinds, who took office only in January 2021, had to acknowledge in an interview with The Wall Street Journal that the attackers hacked the internal Office 365 mail system in early December 2019 and were able to gain access to an account. From there, they compromised other mail accounts. Ramakrishna says these events will be investigated further. Only a dozen of the victims have been officially identified so far, but these attacks could affect up to 18,000 SolarWinds customers.
China under suspicion
Reuters has now reported another cyber attack, this one on the National Finance Center, the financial arm of the U.S. Department of Agriculture. It is said to have exploited holes in SolarWinds network software using other means than the previous attacks. The attackers are said to have used infrastructure and methods previously used in other attacks backed by the Chinese government.
The attack on the U.S. tax authority could affect the data of thousands of employees. This includes social security numbers, phone numbers, personal email addresses and bank account information. The National Finance Center is said to be responsible for the salaries of more than 600,000 employees.
The most recent attack on the Orion network management software prompted well-known IT security expert Bruce Schneier to voice concern about SolarWinds: "This ugly IT security is the result of a conscious company decision to cut costs in favor of short-term profits. SolarWinds increased its profits by increasing security risk and then passed this risk on to its customers without their knowledge or consent."