The United States government has published a “joint note” signed by four federal agencies charged to investigate developments in the Solar Winds invasion and for the first time publicly commented on those responsible for the attack.
According to the statement, Executives work with vision The invaders have “Possible Russian origin” And performed “Intelligence gathering”.
The note confirms the allegations published in the US press. Shortly after the case went public on December 13, several publications such as the New York Times and Washington Post said the government suspected Russian involvement.
President Donald Trump also posted on Twitter that China was a potential suspect in the cyber attack and attacked the press for accusations against Russia.
The statement authorizing suspicion against Russia was signed by four federal agencies:
- Hey FBI, Which acts like the United States Federal Police;
- National Security Agency (NSA), headed by the military;
- Office of the Director of National Security (ODNI), which coordinates intelligence agencies in the United States;
- Infrastructure Security and Cyber Security Agency (CISA), a body created during the Donald Trump administration to coordinate digital security operations.
The text does not mention the government of Russian President Vladimir Putin, leaving open the possibility that another unit may have carried out the attack. The Russian government has already approached the matter and denied any involvement.
The statement also provides some other summary information about the attack. Although the spy code generated by the hackers reached nearly 18,000 SolarWinds customers, “less than ten” US government agencies were hit by Phase II contamination.
Investigators say they believe the number of affected companies was relatively small compared to a universe of 18,000 potential targets.
FireEye revealed that its network had been hacked on 13 December, triggering an action search that reached dozens of institutions and rendered nearly 18,000 networks vulnerable – Photo: Beck Diefenbach / Reuters
SolarWinds makes software used by large companies and government agencies to facilitate monitoring and management of computer networks. Through this system, a company can easily identify areas of the network that are experiencing problems or slowness, for example.
Hackers entered the SolarWinds network and tampered with Orion software, creating a revised update that installed a spy program on about 18,000 company customers who downloaded the sabotage program.
While this code allowed initial access – a “back door” for attack systems – the attackers had to work on each target to move through the network, which the US government believes has happened in some cases .
Companies to be affected include Microsoft, the maker of Windows, and well-known digital security consultant FireEye. It was FireEye that went public about the December 13 attack. A day later, the United States government issued a recommendation that the system be immediately shut down or disconnected with Orion software, confirming that the federal departments were also a hit.
The investigation of the case is still going on. Most targets have not been identified.
Questions about security, hackers and viruses? Send to [email protected]
Tips for your digital security:
5 security tips for your digital life
VIDEOS: See more tips on digital security