The US Treasury and Commerce Department’s communications were allegedly compromised by a supply chain attack on SolarWinds, a security provider that helps the federal government and a number of Fortune 500 companies monitor the status of their IT networks.
According to Reuters, which broke the news on Sunday, hackers believed to work for Russia monitored internal e-mail traffic at the US Treasury and Commerce departments. Reuters reported that the hackers managed to hide malicious code in a software update for a tool called Orion, which is commonly used to give IT staff a single-pane view for managing different parts of a network.
Earlier this year, hackers believed to be sponsored by the Russian government managed to inject malware into Orion updates released between March 2020 and June 2020, which gave them a strong foothold for future hacking.
SolarWinds is a publicly listed company based in Austin, Texas, worth more than $6 billion. According to the company, it has over 300,000 customers, including over 425 of the US Fortune 500, all ten of the top 10 US telecommunications companies, all five branches of the US military, all five of the top five US accounting firms, the Pentagon, the Department of State, the National Security Agency, the Department of Justice and the White House.
The Pentagon is the largest customer, with the military and navy being major users. The Department of Veterans Affairs, which is heavily involved in the US response to Covid-19, is another Orion customer and the largest spender on the tool in recent years. The National Institutes of Health, DHS and the FBI are also among the many branches of the US government that have previously purchased the tool.
The immediate impact of the disclosures is expected to be purely operational, as the Cybersecurity and Infrastructure Security Agency (CISA) has recommended that civilian government agencies stop using SolarWinds Orion. “SolarWinds’ commitment to Orion’s network management products poses unacceptable risks to the security of federal networks. Tonight’s directive is intended to mitigate potential compromises in federal civilian networks and we urge all our partners – in the public and private sectors – to assess their exposure to this compromise and secure their networks against any exploitation,” said CISA’s interim director, Brandon Wales.
This is the fifth emergency directive issued by CISA under the authority granted by Congress in the 2015 Cyber Security Act.