Hackers believed to be operating on behalf of a foreign government have breached software provider SolarWinds and then deployed a malware-laced update for its Orion software to infect the networks of multiple US companies and government networks, US security firm FireEye said today.

FireEye's report comes after Reuters, the Washington Post, and Wall Street Journal reported on Sunday intrusions at the US Treasury Department and the US Department of Commerce's National Telecommunications and Information Administration (NTIA).

The SolarWinds supply chain attack is also how hackers gained access to FireEye's own network, which the company disclosed earlier this week.

The Washington Post cited sources claiming that multiple other government agencies were also impacted.
SolarWinds is used everywhere - by some 80% of the Fortune 500 companies. And by the nature of the software, it can reach the entire network of every company that uses it, even where that company segments its networks by the sensitivity of the data on each one.
That means that for six entire months, the Russians (presumably) have had full, unfettered access to even the most sensitive networks and databases for most of the major corporations and many of the governments on the planet.
The FireEye breach that was acknowledged last week shows that the hack was operational way, way beyond the US government. If a major security company can get hacked this way, that means that everyone was hacked.
Russia now has copies of every database it wants from any network, even the most heavily guarded databases. It already stole all the information it wants.
But it is even worse than that.
Once they had access to the most sensitive data in every major company, they might have, and probably did, launch similar supply chain attacks against every other major software company, the same way they hacked SolarWinds. They may have modified the source code and programs of hundreds or thousands of other products that get downloaded as patches or updates every day. This hack was only the entrée to other similar hacks that will not be easily found and eliminated.
The amount of damage that is possible from this attack is stunning. Russia could use it to turn off or destroy critical infrastructure like the electric grid or nuclear power plants. They could have infiltrated weapons systems.
They were in for six months. The number of backdoors and time bombs that could have been inserted into both government and private systems is unfathomable. Our networks aren't just compromised - they may be fatally compromised.
The cyberwar started long ago, but Russia might have just won it.