
The Department of Justice detected a SolarWinds breach months before the public disclosure


In November 2020, months after the DOJ completed mitigation of its breach, Mandiant discovered that it had been hacked, and the following month it traced its breach to Orion software on one of its servers. An investigation of the software revealed that it contained a backdoor that hackers had embedded into the Orion software while it was being compiled by SolarWinds in February 2020. The contaminated software was shipped to approximately 18,000 SolarWinds customers, who downloaded it between March and June, just as the Department of Justice discovered the anomalous traffic coming out of their Orion server. However, the hackers chose only a small subset of these as targets for their espionage operation. They delved further into the infected federal agencies and around 100 other organizations, including technology companies, government agencies, defense contractors, and think tanks.

Mandiant was infected with the Orion software on July 28, 2020, the company told WIRED, which would have coincided with the period the company was helping the Justice Department investigate its breach.

When asked why, when the company announced the supply chain attack in December, it did not publicly disclose that it had been tracking an incident involving the SolarWinds campaign on a government network months earlier, a spokesperson only noted that “when we went public, we had identified other compromised customers.”

The incident underscores the importance of information sharing between agencies and industry, something the Biden administration has emphasized. Although the DOJ had notified CISA, a spokesperson for the Homeland Security Agency told WIRED that it did not learn of the initial DOJ breach until January 2021, when the information was shared on a call between employees of various federal agencies.

That was the same month that the Department of Justice, whose more than 100,000 employees span multiple agencies including the FBI, the Drug Enforcement Agency and the US Marshals Service, publicly revealed that the hackers behind the SolarWinds campaign had possibly accessed around 3 percent of its Office 365 mailboxes. There are conflicting reports as to whether this attack was part of the SolarWinds campaign or carried out by the SolarWinds actors themselves. Six months later, the department expanded on this and announced that hackers had managed to breach the email accounts of employees at 27 US attorneys’ offices, including those in California, New York, and Washington, DC.

In its latest statement, the Justice Department said that to “foster transparency and strengthen national resilience,” it wanted to provide new details, including that hackers were believed to have had access to compromised accounts from about May 7 through December 27, 2020. And the compromised data included “all emails and attachments sent, received, and stored found within those accounts during that time.”

Investigators into the Justice Department incident weren’t the only ones to stumble upon the first evidence of the breach. Around the same time as the department’s investigation, security firm Volexity, as the company previously reported, was also investigating a breach at a US think tank and traced it back to the organization’s Orion server. Later, in September, security company Palo Alto Networks also discovered anomalous activity in connection with its Orion server. Volexity suspected that there might be a backdoor in its client’s server, but ended its investigation without finding one. Palo Alto Networks contacted SolarWinds, as had the Department of Justice, but in that case, too, they were unable to identify the problem.

Sen. Ron Wyden, an Oregon Democrat who has criticized the government’s failure to prevent and detect the campaign in its early stages, says the disclosure illustrates the need for an investigation into how the US government responded to the attacks and how it missed opportunities to stop them.

“Russia’s SolarWinds hacking campaign was only successful due to a cascading series of failures by the US government and its industry partners,” he wrote in an email. “I have not seen any evidence that the executive branch has fully investigated and addressed these failures. The federal government urgently needs to get to the bottom of what went wrong so that, in the future, back doors into other software used by the government are quickly discovered and neutralized.”
