The mass compromise of sensitive computer systems through the Orion platform of the American company SolarWinds is causing turmoil in the world of cybersecurity. Russia, China and North Korea are cited on the list of potential culprits.
This is THE big story of the moment in the world of cybersecurity. The SolarWinds affair, named after the American publisher of the Orion computer platform, saw hackers infect updates to its software, opening the doors of the computer systems of nearly 20,000 customers through a backdoor (called Sunburst). Of course, the updates in question were immediately withdrawn and fixes were quickly developed, but a great many customers have been, or still are, at the mercy of hackers who can in this way steal sensitive data, or even destroy it.
Sensitive government agencies among the victims
Note that only a small portion of SolarWinds customers are affected, as the company has a total of some 350,000 customers. But large companies are affected, as well as US government agencies, and not the least of them, since the Departments of Defense and the Treasury are concerned, as well as the agencies responsible for routing air traffic and for managing nuclear energy. In France, several CAC40 companies apparently use SolarWinds solutions, and are likely to have been exposed to intrusions and data theft over the past nine months.
While many are investigating to understand what could have happened and how the Orion updates could have been tampered with by the hackers, there is very little certainty at the moment. The only information coming from SolarWinds itself: it was the victim of a compromise of the Microsoft Office 365 solution that its employees use. Without directly linking it to the attack that followed, disclosing this information opens a trail on a possible path for the hackers, who, after infiltrating the publisher's computer network, would have managed to get their hands on future Orion updates and modify them.
Delayed hack
The SolarWinds case is exploding these days and, according to many experts, it is one of the most disturbing hacks in recent years. Its modus operandi, the time it took to discover the compromise, the total concealment of the attackers' actions: these are the characteristics of this attack that raise questions and cause the greatest concern. Because among the data that may have been exposed, valuable information may have been stolen, including major industrial secrets or classified documents.
Worse, the hackers were able to take the opportunity to install, deep within the affected computer systems, "digital implants" that can be activated in the future to access or destroy certain data. This could result in a total loss of confidence in infrastructure which, for some organizations, took years of work and huge investments to build.
We can better understand why, currently, all the security solution publishers and all the major cybersecurity researchers are working to analyze this attack in order to see it more clearly. In their investigations, they will of course seek to determine the origin of the attackers, because an attack of this level requires, in everyone's opinion, state support. Russia, China and North Korea were immediately placed on the suspect list, although it is likely that we will never have irrefutable proof of the participation of any of these countries.
Microsoft and FireEye, two victims at the core of the matter
Microsoft, whose software was indirectly blamed by SolarWinds, is obviously very active in this matter. Its president, Brad Smith, shared some of the findings made by his security teams, saying that 40 companies or organizations, 80% of them American, had received special attention from the hackers, namely a second level of attack. Microsoft, which recognizes that this attack poses a serious risk to the security of the "nation", would also be on the list of victims. The backdoor in question has been found on some of its systems, but so far no evidence of exploitation has been found.
In this case, the name of FireEye also comes up a lot. Unsurprisingly, since this computer security company is one of the victims of this hack. It was in fact FireEye that, at the beginning of the month, went public about this high-level hack, after having investigated its own compromise and started to develop tools to limit the consequences of the flaw.
Joe Biden worried
Joe Biden, who has yet to take office, commented on the matter. In a statement, the president-elect said there were still many gray areas about this attack, but "what we know is very concerning," he said, before adding: "My administration will make cybersecurity a priority at all levels of government and we will make responding to this cyberattack a priority as soon as we take office."