Pages

Thursday, December 24, 2020

Israeli universities seem to have been hit by the SolarWinds Russian hack



ZDNet published a list of organizations and Internet domains that appear to have been hit by the massive Russian SolarWinds hack.

Security experts reverse-engineered the malware, known as Sunburst, and found dozens of Internet domains that communicated with the Russian command and control center, indicating at least that they were hit with the initial attack. It doesn't mean that they were necessarily further compromised with a second-stage attack.

Major companies like Intel, nVidia and Cisco are on that list, and they have admitted that they were attacked. But the list also includes three Israeli university domains:

mnh.rg-law.ac.il - apparently the College of Law and Business in Ramat Gan

staff.technion.ac.il - Technion
tr.technion.ac.il - Technion

None of these three subdomains are accessible from the Internet, so decoding their names is a very strong indication that they were hit by the malware.

Hopefully they have patched the initial Solarwinds issue and are vigorously investigating what data might have been stolen and whether any additional backdoors or malware were installed in their networks.




We have lots of ideas, but we need more resources to be even more effective. Please donate today to help get the message out and to help defend Israel.