The investigation into the hacking of the US Department of Commerce and the US Treasury Department is still ongoing. It has now been confirmed that the attack originated from SolarWinds software.
The software provided by SolarWinds is mainly used for corporate internal network management. At least 18,000 companies and government agencies around the world use the company’s software.
The investigation found that the versions SolarWinds released from March to June 2020, version 2019.4 and version 2020.2.1, all contain malware named SUNBURST.
This is a very typical supply chain attack: the attacker compromises the software of the upstream software developer, and the malware is then delivered to the target organization through that software.
Initially, Reuters claimed that the attackers had penetrated through Microsoft 365, but how hackers could break into Microsoft’s authentication system and then penetrate the US Department of Commerce remained a mystery.
Subsequently, Microsoft issued a response saying that the attackers had not compromised the Microsoft 365 product line, but had used other means to bypass Microsoft and enter the target organization. Now that more investigation results have been released, it is clear that Microsoft products were indeed not attacked by the hackers.
What really served as the springboard was the network management software of the SolarWinds company, which carried malware after being updated and could accept instructions from the hackers.
It is worth noting that Microsoft also uses SolarWinds software, which allowed the hackers to penetrate Microsoft as well. Microsoft confirmed this fact after an internal inspection.
Although the attackers used the SolarWinds software and successfully entered Microsoft, they did not seem to target Microsoft, and they did not seem to have done any harm there.
After investigation, Microsoft confirmed that no production servers or customer data had been accessed, and that there was no sign the hackers had used Microsoft servers to attack the target organizations.
Because the hackers mainly targeted the U.S. Department of Commerce and the U.S. Treasury, attackers whose purpose is to steal secrets may not be interested in the business information of companies like Microsoft.
At present, Microsoft has isolated the relevant malware samples and files internally. At the same time, Microsoft is developing dedicated detection and removal tools for internal and external use.
It is worth noting that the US cybersecurity company FireEye stated that the hackers may use this malware as a basis for developing more persistent malware, and that such a new version would be harder to detect directly.