SOLARWINDS ORION HACKED PASSWORD
“They violated our password policies and they posted that password on an internal, on their own private Github account,” Thompson explained. Rashida Tlaib, former SolarWinds CEO Kevin Thompson declared that the password issue was “a mistake that an intern made.” The investigators don’t exclude the use of stolen credentials and brute-force attacks as possible attack vectors.Ĭonfronted by Rep. “I believe that was a password that an intern used on one of his servers back in 2017 which was reported to our security team and it was immediately removed,” Ramakrishna said in response to Porter. “You and your company were supposed to be preventing the Russians from reading Defense Department emails.” “I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad,” Representative Katie Porter of California said. In a hearing before the House Committees on Oversight and Reform and Homeland Security, CEO Sudhakar Ramakrishna confirmed that the password had been in use as early as 2017.Ī preliminary investigation revealed that the threat actors behind the SolarWinds attack compromised the SolarWinds Orion supply chain as early as October 2019, but later Crowdstrikes’ researchers dated the initial compromise on September 4, 2019.
SOLARWINDS ORION HACKED DOWNLOAD
Threat actors could have used these credentials to upload tainted updates to the SolarWinds download site.
In December, Security researcher Vinoth Kumar revealed he notified the company of a publicly accessible GitHub repository that was leaking the FTP credentials of the company’s download website in the clear text. The issue was addressed on November 22, 2019. The initial investigation suggested that the password “solarwinds123” was publicly accessible via a misconfigured GitHub repository since June 17, 2018. Top executives of the SolarWinds firm believe that the root cause of the supply chain attack was an intern who used a weak password for several years. How the SolarWinds supply chain was compromised
SOLARWINDS ORION HACKED SOFTWARE
The security firm confirmed that a threat actor tracked as UNC2452 had used a trojanized SolarWinds Orion business software updates to distribute a backdoor tracked as SUNBURST. It was also one of the victims of the attack. The Pentagon, State Department, NASA, National Security Agency (NSA), Postal Service, NOAA, Department of Justice, and the Office of the President of the United States are clients of SolarWinds.įireEye was one of the first security firms that investigated the incident.
The threat actors carried out a highly-sophisticated supply chain attack: SolarWinds networking and security products are currently used by more than 300,000 customers worldwide, including government agencies, military offices, major US telecommunications companies, education institutions, and Fortune 500 companies.
After the disclosure of the attack, CISA issued the Emergency Directive 21-01, calling on all federal civilian agencies to review their networks for indicators of compromise power down SolarWinds Orion products immediately. The situation immediately appeared critical. Back in December, the SolarWinds supply chain attack made the headlines when a Russian cyber espionage group tampered with updates for SolarWinds’ Orion Network Management products that the IT company provides to government agencies, military, and intelligence offices.Ī report published by the Washington Post, citing unnamed sources, attributes the attacks to the Russia-linked APT29 cyberespionage group (aka Cozy Bear).
0 kommentar(er)
