Cyberattackers Took Advantage of Legitimate Updates
CISA acknowledged SolarWinds’ mitigation efforts, but asked agencies not to install new software until CISA could provide further government guidance.
The hackers broke into the Treasury and Commerce departments; within Commerce, the National Telecommunications and Information Administration, responsible for internet and telecommunications policy, was also targeted. Reuters reported later in the day that the Department of Homeland Security may also have been compromised.
“The compromise … poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales in a statement. “We urge all our partners — in the public and private sectors — to assess their exposure to this compromise and to secure their networks against any exploitation.”
FireEye, which discovered a similar breach earlier this month, said that the attacks began with the insertion of malware into legitimate software updates, giving the hackers remote access to the agency networks.
The malware was designed to avoid detection, blend into normal network activity and cover its tracks; it was also based on difficult-to-attribute tools, the company reported.