Through a hack at US software company SolarWinds, hackers could suddenly spy on government agencies and large companies all over the world. What exactly happened?
On Sunday, December 13th, a hacking attack on the US Treasury came to light, after which it emerged that the Department of Homeland Security was also a victim.
In the following days, more and more US government agencies reported a breach, including the one that deals with the nuclear weapons arsenal.
Popular security company FireEye and Microsoft were also affected. The latter says the systems were never inaccessible.
It was no coincidence that all of these attacks were reported in close succession: they all originated from one program, used by many large organizations around the world.
American software maker a victim of hacking
The attack began at the American company SolarWinds. This company creates special software for government agencies and large companies to help manage their networks and systems.
Hackers managed to break into SolarWinds' systems and add malware to the Orion software. The malware became part of an update, which was installed automatically at organizations that use the application.
Eavesdropping in thousands of cases
The malware eventually reached nearly half of all 33,000 customers who installed Orion, according to a report by SolarWinds. The malware went undisturbed for several months until it was detected.
After installation, the malware did nothing for a while, after which the network traffic inside the company was secretly monitored. This espionage was disguised as activity by Orion itself, which made it difficult to detect. The information gathered was then sent back to the hackers.
Russia is suspected, but denies it
So far, no one has taken responsibility for the widespread hacking and espionage. Anonymous sources in talks with various news agencies blame Russia for spying on other countries in this way.
Evidence for these claims has yet to be provided, and SolarWinds itself has not identified a potential culprit. The Russian government also denies involvement in the hack.
It is unknown who is affected
After the discovery, US departments, FireEye and Microsoft reported finding the malware, but the list of affected organizations is likely much longer, given the thousands of customers.
According to SolarWinds, companies in Belgium and the United Kingdom are also victims of the attack. Companies in the Netherlands also use the software, but it remains to be seen to what extent they have been targeted. Our country has also been marked on a map of suspected affected companies compiled by Microsoft.
The attack is under investigation
In the United States, the attack is mainly in the spotlight because the malware has so far been found there so often. President-elect Joe Biden says the attack will be a “top priority” when he moves into the White House.
The attack is being further investigated by several ministries, while a partnership between the FBI and CISA is working to respond to the incident.