~18,000 organizations downloaded backdoor planted by Cozy Bear hackers
Russia-backed hackers use supply chain attack to infect public and private organizations. …
reader comments
80 with 47 posters participating
About 18,000 organizations around the world downloaded network management tools that contained a backdoor that a nation state used to install malware in organizations the used the software, the tools provider, SolarWinds, said on Monday.
The disclosure from Austin, Texas-based SolarWinds, came a day after the US government revealed a major security breach hitting federal agencies and private companies. The US Departments of Treasury, Commerce, and Homeland Security departments were among the federal agencies on the receiving end of hacks that gave access to email and other sensitive resources, Reuters reported. Federal agencies using the software were instructed on Sunday to disconnect systems that run the software and perform a forensic analysis of their networks.
Security firm FireEye, which last week disclosed a serious breach of its own network, said that hackers backed by a nation-state compromised a SolarWinds software update mechanism and then used it to infect selected customers who installed a backdoored version of the company’s Orion network management tool.
The backdoor infected customers who installed an update from March to June of this year, SolarWinds said in a document filed on Monday with the Securities and Exchange Commission. The implant “was introduced as a result of a compromise of the Orion software build system and was not present in the source code repository of the Orion products,” Monday’s filing said. SolarWinds, which said it has about 300,000 Orion customers, put the number of affected customers at about 18,000.
Stealing the master keys
Several factors made Orion an ideal
Continue reading – Article source