Martin, Booz Allen Hamilton, Fed Reserve, the Defense Department, National Security Administration discussed on Daily Tech News Show
Of the Fortune 500 companies in the US, Lockheed Martin, Booz Allen Hamilton, PricewaterhouseCoopers, the Fed Reserve, the Defense Department, the State Department, the U.S. Secret Service, the National Security Administration: 33,000 of those customers use the Orion platform. So not all three hundred thousand, but a large number, and SolarWinds believes that eighteen thousand of them installed the malware-infected versions. Now, not all 18,000 were targeted, but even a small percentage, that's a lot of targets. [Source unclear] reports that IT administrators are finding signs of the malware on their Orion systems, but few are reporting the second-stage payload that would be used to elevate access. So it's believed the attackers targeted specific customers around the world. FireEye, for example, announced that the intrusion in its network reported last week was caused by the SolarWinds breach. It has published detection rules on GitHub that you can access if you need them. Microsoft confirmed the SolarWinds compromise in a security alert to its customers and provided countermeasures, including detection rules added to Defender. The U.S. Cybersecurity and Infrastructure Security Agency, or CISA, issued an emergency directive with instructions on how all federal civilian agencies can detect and analyze compromised systems, and advised them to shut down Orion. CISA advises all hosts monitored by Orion to be treated as compromised until you're certain otherwise. FireEye calls the malware Sunburst. If you're out there looking around and you see Sunburst, that's what that refers to, although Microsoft has dubbed it Solorigate. So we have a couple of different ways to refer to it. The attack worked by entering the network through the Orion vulnerability.
However it got in there, once it was in your network it then gained elevated credentials that let attackers forge single sign-on tokens, which would let them impersonate privileged accounts, which allowed them to grant new credentials to themselves and gain high-level access. The attackers were able to bypass authentication controls and access Office 365 at the National Telecommunications and Information Administration, where it definitely monitored emails; it probably did that in other places as well. FireEye says that each attempted intrusion needed what they called meticulous planning and manual interaction. This wasn't a set-it-and-forget-it blast. This was done intentionally to get at targets. FireEye says the victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East, so it's not just the US government. "We anticipate there are additional victims in other countries and verticals," says FireEye, and yeah, the US government appears to be one of them. Reuters' sources say that network intruders accessed internal email traffic of the US Departments of Treasury and Commerce and possibly other agencies. The US Commerce Department confirmed a breach and said that CISA and the FBI are investigating, and the US National Security Council reportedly met on Saturday to discuss this issue. So this is big; it affects a lot of companies.