Disclosure: SolarWinds hackers stole top-secret U.S. government data

Time:2022-8-8

Relevant personnel revealed that the most serious loss of the hacking incident was the exposure of counterintelligence activities against Russia.

The latest investigation shows that the information stolen by the SolarWinds hackers includes counterintelligence (counter-espionage) investigations, sanctions policies against Russian individuals, and the official U.S. response to the COVID-19 pandemic. People familiar with the matter said the most serious loss in the incident was the exposure of counterintelligence activities against Russia.

According to these sources, Russian-backed hackers used weaknesses in SolarWinds and Microsoft software to break into U.S. federal government departments and take large amounts of information.

The intrusions came to light late last year, and U.S. officials have since said the hackers were backed by Russia's Foreign Intelligence Service (SVR), but have not disclosed the purpose or results of the espionage. Russian intelligence has firmly denied the U.S. accusations.

Because some of the companies involved have been reluctant to disclose their losses, the SEC has decided to launch a broader investigation.

The stealth and sophistication of the hack was surprising, U.S. officials said. The hackers are reported to have first compromised the build environment of SolarWinds, whose software is widely used for network management. In addition, they exploited weaknesses in the user authentication of Microsoft's Office 365 to attack Microsoft customers that did not use SolarWinds software at all.

Earlier reports said the hackers penetrated the unclassified network of the U.S. Department of Justice as well as the e-mail systems of the Treasury, Commerce and Homeland Security departments, reading messages there; as many as six federal government departments were hacked. They also stole digital certificates, which computers use to confirm that a piece of software is authorized to run. Parts of the source code of Microsoft and other technology companies were also leaked.
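Why stolen signing certificates matter is easy to miss from the sentence above: a signature check only proves which key signed an artifact, not that the artifact was built cleanly. The following is an added illustration, not code from the article, from SolarWinds or from Microsoft. It uses a constructed key and constructed build outputs, and it uses HMAC as a stand-in for the vendor's code-signing certificate (a real publisher signs with an asymmetric key, but the trust failure is identical). The "reference hash" stands for a hash obtained from an independent rebuild of audited source, which is an assumption about what a defender has available.

```python
import hashlib
import hmac
import secrets

# Assumption (constructed): this is the vendor's signing key, which the
# attackers are assumed to have obtained. HMAC stands in for a code-signing
# certificate; the property that matters is the same either way.
VENDOR_SIGNING_KEY = secrets.token_bytes(32)

# Constructed artifacts: the clean build, and the same build with an implant
# inserted inside the build environment, i.e. before signing happens.
CLEAN_BUILD = b"network-monitor v1.0 -- clean build output"
TAMPERED_BUILD = CLEAN_BUILD + b"\n# implant inserted in the build environment"


def sign(artifact: bytes, key: bytes) -> bytes:
    """Produce a signature over the artifact with the given key."""
    return hmac.new(key, artifact, hashlib.sha256).digest()


def signature_valid(artifact: bytes, sig: bytes, key: bytes) -> bool:
    """Constant-time check that sig was produced over artifact with key."""
    return hmac.compare_digest(sign(artifact, key), sig)


def build_hash(artifact: bytes) -> str:
    """Content hash of the artifact, independent of who signed it."""
    return hashlib.sha256(artifact).hexdigest()


# Assumption: the defender (or the vendor's auditors) can rebuild the
# release from source on an independent machine and publish its hash.
REFERENCE_HASH = build_hash(CLEAN_BUILD)


def verify_update(artifact: bytes, sig: bytes, key: bytes,
                  reference_hash: str) -> tuple[bool, bool]:
    """Return (signature_ok, hash_ok). An update is trusted only if both hold.

    The signature answers "who signed this"; the reference hash answers
    "is this the build we expected". A stolen key defeats the first check
    but not the second.
    """
    return (signature_valid(artifact, sig, key),
            build_hash(artifact) == reference_hash)


def scenario() -> dict[str, tuple[bool, bool]]:
    """Run both artifacts through the verifier and report the outcome."""
    clean_sig = sign(CLEAN_BUILD, VENDOR_SIGNING_KEY)
    # With the stolen key, the attacker signs the implanted build just as
    # the vendor would, so the signature alone cannot tell the two apart.
    tampered_sig = sign(TAMPERED_BUILD, VENDOR_SIGNING_KEY)
    return {
        "clean": verify_update(CLEAN_BUILD, clean_sig,
                               VENDOR_SIGNING_KEY, REFERENCE_HASH),
        "tampered": verify_update(TAMPERED_BUILD, tampered_sig,
                                  VENDOR_SIGNING_KEY, REFERENCE_HASH),
    }


if __name__ == "__main__":
    for name, (sig_ok, hash_ok) in scenario().items():
        verdict = "ACCEPT" if (sig_ok and hash_ok) else "REJECT"
        print(f"{name:9s} signature_ok={sig_ok} hash_ok={hash_ok} -> {verdict}")
```

The point of the second check is that it does not depend on any secret the vendor holds: a reproducible build, or a hash pinned from an audited release, still catches the implanted artifact after the signing key has been stolen, whereas rotating certificates alone only helps once the theft is known.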

People familiar with the investigation said the most serious loss in the hacking incident was the exposure of counterintelligence activities against Russia. A Justice Department spokesman declined to comment.

A White House official said President Biden has issued an order requiring federal agencies to take steps to improve cybersecurity. Among the most notable requirements is deploying multi-factor authentication on work devices, together with tighter monitoring and management.

Investigating the leak

Microsoft Corp said in an annual security report released on Thursday that government documents are now a target of Russian spies, in particular documents about U.S. government sanctions or other Russia-related policies, and about U.S. efforts to catch Russian hackers.

Cristin Goodwin, head of Microsoft's digital security division, said the company has analyzed the types of users and accounts that have suffered cyber intrusions. "We can use this to understand what the hackers are targeting," she told Reuters.

Government officials involved in the investigation reported further findings, such as the Russians using "sanctions" and other keywords to search U.S. electronic documents.

Chris Krebs, the former head of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), who has advised SolarWinds and several other companies, called the description of the hackers' targets given by Microsoft and official investigators "logical."

“In this environment, if I were a threat actor, I would have a clear set of objectives. First, I would have access to high-value data relevant to government decision-making, and sanctions would be the obvious choice,” Krebs said.

The second objective, he said, is to observe the target's response to the attack, or "incident response." "I want to know what they know about me so that I can improve my hacking skills in the future and avoid being detected when I break into a network."