In the wake of the massive hack on U.S. government agencies and private companies allegedly carried out by Russia, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency released a statement saying it "has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations."
According to Wired, all the attacks appear to stem from one initial break-in of the IT infrastructure and network-management firm SolarWinds.
"Hackers had breached the company as far back as October 2019, then planted malicious code in software updates to its network-monitoring tool, Orion. Any customer that installed an Orion patch released between March and June inadvertently planted a Russian backdoor on their own network," writes Wired's Lily Hay Newman.
According to Wired, the hack will only affect the roughly 33,000 SolarWinds customers who use Orion. But according to the CEO of the threat-tracking firm Binary Defense Systems, David Kennedy, "The fear on this one is real."
"This type of attack could allow the adversary access to essentially anyone they wanted that had SolarWinds Orion and the bad patch," Kennedy said. "There is a large scramble right now to see which systems were compromised, and if there is a probability this could have happened, organizations need to investigate."
Apparently, not all Orion customers affected by the hack are at serious risk. The potential victims fall into three subgroups: "Orion users who installed the backdoor but were never otherwise exploited; victims who had some malicious activity on their networks, but who ultimately weren't appealing targets for attackers; and victims who were actually deeply compromised because they held valuable data," Wired reports.
Newman says that when it comes to this latest hack, eliminating the backdoor is crucial. "...now that the technical details about their infrastructure are public, there's also a risk that other hackers could piggyback on the malicious access as well if it's not locked down."
Read the full article over at Wired.