Hackers believed to be operating on behalf of a foreign government breached software provider SolarWinds and then used malware-laced updates to its Orion software to infect the networks of its customers, US security firm FireEye said today.

The FireEye report comes after Reuters, The Washington Post, and The Wall Street Journal reported on Sunday on intrusions at the US Treasury and at the US Department of Commerce's National Telecommunications and Information Administration (NTIA).

The SolarWinds supply chain attack is also how the hackers got into FireEye's own network, a breach the company disclosed earlier this week.

Sources cited by The Washington Post said that several other government agencies were also affected.

Reuters reported that the incident was considered so serious that a rare meeting of the US National Security Council had taken place at the White House the previous Saturday.

Sources speaking to The Washington Post linked the intrusion to APT29, the codename used in the cybersecurity industry for hackers affiliated with Russia's Foreign Intelligence Service (SVR).

FireEye did not confirm the APT29 attribution and instead gave the group the neutral codename UNC2452, but several sources in the cybersecurity community told ZDNet that the APT29 attribution made by the US government is likely correct based on current evidence.

In a press release issued late Sunday, SolarWinds confirmed the breach of Orion, a centralized monitoring and management platform widely used in large networks to track IT resources such as servers, workstations, mobile devices and IoT devices.

The company said the malware was inserted into Orion update versions 2019.4 through 2020.2.1, released between March 2020 and June 2020.

FireEye named the malware SUNBURST and published a technical report earlier today, along with detection rules on GitHub.

Microsoft calls the malware Solorigate and has added detection rules for it to its Defender antivirus.

The number of victims has not been disclosed.

Despite Sunday's initial reports, the hacking campaign does not appear to have been aimed at the United States alone.

“This campaign is widespread and affects public and private organizations around the world,” FireEye said.

“Victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East. We anticipate there are additional victims in other countries and verticals,” FireEye added.

SolarWinds said it plans to release a new update (2020.2.1 HF 2) on Tuesday, December 15, which “replaces the compromised component and provides several additional security enhancements.”
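The first question for any Orion operator reading this is whether their installed builds fall inside the range the article gives (2019.4 through 2020.2.1) and whether they are already on the 2020.2.1 HF 2 build that SolarWinds says replaces the compromised component. The following script is an added example, not code from the article, FireEye or SolarWinds: it parses Orion version strings of the form "2020.2.1 HF 2", compares them against the range exactly as this page states it, and lists the hosts that still need the update. The hostnames and versions in the sample inventory are constructed for the example; the affected-version list should be confirmed against the vendor's own advisory, which may enumerate hotfix levels more precisely than this page does.

```python
import re
from typing import List, Tuple

# Version range as stated in the article: 2019.4 through 2020.2.1 inclusive.
AFFECTED_LOW = (2019, 4, 0)
AFFECTED_HIGH = (2020, 2, 1)
# The build the article says replaces the compromised component.
FIXED = ((2020, 2, 1), 2)

# Matches "2019.4", "2020.2.1", "2020.2.1 HF 2", "2019.4 HF5" (case-insensitive).
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?\s*(?:HF\s*(\d+))?\s*$", re.IGNORECASE
)

Version = Tuple[Tuple[int, int, int], int]


def parse_orion_version(text: str) -> Version:
    """Return ((major, minor, patch), hotfix). A missing patch or HF counts as 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Orion version string: {text!r}")
    major, minor, patch, hf = m.groups()
    return (int(major), int(minor), int(patch or 0)), int(hf or 0)


def is_affected(version_text: str) -> bool:
    """True if the build is in the stated range and older than 2020.2.1 HF 2."""
    base, hf = parse_orion_version(version_text)
    # Tuple comparison orders by base version first, then hotfix number,
    # so 2020.2.1 HF 3 and 2020.3 both compare as newer than the fix.
    if (base, hf) >= FIXED:
        return False
    return AFFECTED_LOW <= base <= AFFECTED_HIGH


def triage(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return the hostnames whose Orion build should be updated to 2020.2.1 HF 2."""
    return [host for host, version in inventory if is_affected(version)]


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = [
    ("orion-prod-01", "2020.2.1 HF 1"),
    ("orion-dr-02", "2019.4 HF 5"),
    ("orion-lab-03", "2019.2"),
    ("orion-prod-04", "2020.2.1 HF 2"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: affected Orion build, update to 2020.2.1 HF 2")
```

Run against a real export of Orion server versions, the script only answers the version question; it says nothing about whether a given host actually received and ran a trojanized update, which is what the FireEye and Microsoft detection rules mentioned above are for.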
