Since as far back as March, Russian hackers have been on a sinister tear. By slipping tainted updates into a widely used IT management platform, they were able to hit the United States Commerce, Treasury, and Homeland Security departments, as well as the security firm FireEye. In truth, no one knows where the damage ends; given the nature of the attack, literally thousands of companies and organizations have been at risk for months. It only gets worse from here.
The attacks, first reported by Reuters on Sunday, were apparently carried out by hackers from the SVR, Russia’s foreign intelligence service. These actors are often classified as APT29 or “Cozy Bear,” but incident responders are still attempting to piece together exactly which part of Russia’s intelligence apparatus was behind the operation. The compromises all trace back to SolarWinds, an IT infrastructure and network management company whose products are used across the US government, by many defense contractors, and by most Fortune 500 companies. SolarWinds said in a statement on Sunday that hackers had managed to insert malicious code into versions of its Orion network monitoring platform that the company released between March and June, meaning that customers who installed those updates through the normal, trusted channel were compromised in the process.