US govt taskforce to tackle SolarWinds Orion hack
The US National Security Council has convened a taskforce to investigate a cyber attack by an alleged Russian state-sponsored attacker affecting government customers of SolarWinds’ Orion IT infrastructure monitoring and management platform.
Preliminary intelligence indicates that the culprit is an advanced persistent threat actor likely of Russian origin, according to the Cybersecurity & Infrastructure Security Agency (CISA).
The attacker is believed to be responsible for most or all of the breaches into both government and non-government networks running SolarWinds Orion.
The taskforce, known as the Cyber Unified Coordination Group (UCG), will coordinate the investigation of the cyber attack. It will consist of members from the FBI, CISA and the Office of the Director of National Intelligence (ODNI), with support from the National Security Agency.
According to the taskforce, around 18,000 public and private sector customers of the platform are believed to have been affected by the compromise, but only a small subset are thought to have been compromised by follow-on activity on their systems.
The FBI’s investigation will focus on identifying victims, collecting and analysing evidence and sharing results with government and private sector partners.
CISA will focus on sharing information about the investigation, and has created a free tool for detecting unusual and potentially malicious activity related to the attack. ODNI will provide situational awareness for key stakeholders and coordinate intelligence collection activities to address knowledge gaps.
“This is a serious compromise that will require a sustained and dedicated effort to remediate. Since its initial discovery, the UCG, including hardworking professionals across the United States Government, as well as our private sector partners have been working non-stop. These efforts did not let up through the holidays,” CISA said in a statement.
“The UCG remains focused on ensuring that victims are identified and able to remediate their systems, and that evidence is preserved and collected. Additional information, including indicators of compromise, will be made public as they become available.”