There is a buzz in the cybersecurity world, and it is something you don’t want to miss! The United States government was hit with a major cybersecurity breach that may have been going on for months. It’s the type of attack that causes cybersecurity experts to break out in cold sweats in their sleep.
According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the breach started at least by March of this year. Reports suggest that the attack is likely the work of Russian hackers working for the SVR, the Russian foreign intelligence service. However, there has been no formal declaration that the U.S. finds Russia responsible for the attack.
U.S. officials have confirmed that the departments of the Treasury, Commerce, and Homeland Security suffered security breaches. The full extent – as to how much information was compromised and who all were compromised – is still unknown as of yet. Government officials are still in the process of making a complete assessment. There are concerns though that the breach extends much larger, including other government departments and private companies.
The Russian hackers broke into the network of SolarWinds, a well-known software firm whose tools are used in various U.S. government agencies and large corporations. The hackers created a backdoor into SolarWinds’ Orion software, allowing them to push corrupted software updates onto the clients’ networks. According to reports, somewhere around 18,000 customers downloaded the compromised Orion update. This meant that the hackers had unrestricted access into their networks.
In response to the exploit, the government recommended that all agencies utilizing the SolarWinds Orion products immediately stop using the software. The CISA sent out an emergency directive this week recommending that all federal civilian agencies assess their computer networks and check for any signs of compromise.
Level 2 Designs does not use the Orion enterprise solutions, therefore none of our clients were directly impacted.
For more information, feel free to check out the following articles about the U.S. cybersecurity breaches: