SolarWinds Hack Compromised Dept of Energy’s National Nuclear Security Administration
December 19th, 2020Via: Register:
America’s nuclear weapons agency was hacked by the suspected Russian spies who backdoored SolarWinds’ IT monitoring software and compromised several US government bodies, and Microsoft was caught up in the same cyber-storm, too, it was reported Thursday.
The Windows giant uses SolarWinds’ network management suite Orion, downloads of which were secretly trojanized earlier this year so that when installed within certain targets – such as the US government departments of State, Treasury, Homeland Security, and Commerce – the malicious code’s masterminds could slip into their victims’ networks, execute commands, read emails, steal data, and so on.
Reuters said Microsoft’s security was “breached” by the same crew, and implied this was achieved either through Orion, or some other means, pointing out Homeland Security warned that the hackers, thought to be the Kremlin’s APT29 aka Cozy Bear team, have found multiple ways into various organizations.
While Microsoft’s comms veep Frank Shaw confirmed the Redmond mega-corp is a SolarWinds user and had installed the tainted Orion updates, he said no evidence could be found that production systems and customer data was accessed by the suspected Russian foreign intelligence snoops. The PR chief also denied the newswire’s claim that Microsoft’s platforms were commandeered to hack its own customers.
