Over the weekend, a number of federal agencies revealed they had been hacked by the Russian Cozy Bear espionage group. The attackers breached the networks through a backdoor that had been planted in SolarWinds' network management software and shipped to customers as a legitimate product update, a supply-chain compromise that gave them a privileged foothold deep inside each victim's infrastructure.
“SolarWinds by its nature has very privileged access to other parts of your infrastructure,” Chapple, a former computer scientist at the National Security Agency, said in an interview. “You can think of SolarWinds as having the master keys to your network, and if you’re able to compromise that type of tool, you’re able to use those types of keys to gain access to other parts of the network. By compromising that, you have a key basically to unlock the network infrastructure of a large number of organizations.”
The intrusion was discovered by the security firm FireEye, apparently by accident, after it realized its own network had been compromised.
The Washington Post also has a good overview.
The scale of the Russian espionage operation appears to be large, said several individuals familiar with the matter. “This is looking very, very bad,” said one person. SolarWinds products are used by organizations across the world. They include all five branches of the U.S. military, the Pentagon, State Department, Justice Department, NASA, the Executive Office of the President and the National Security Agency, the world’s top electronic spy agency, according to the firm’s website.
Its clients also include the top 10 U.S. telecommunications companies.
The vast majority of cybersecurity experts agree that the Trump administration has severely undermined national network security. Trump fired Christopher Krebs, the director of the Cybersecurity and Infrastructure Security Agency who led the effort to secure the election, after Krebs disputed the president's baseless claim that the election had somehow been rigged.