March 28, 2021: Reports state DHS, cybersecurity leaders’ emails compromised - The Associated Press reported that the SolarWinds hackers “gained access to email accounts belonging to the Trump administration’s head of the Department of Homeland Security and members of the department’s cybersecurity staff whose jobs included hunting threats from foreign countries.” March 15, 2021: A Public Affairs spokesperson in the National Press Office of the FBI answered “no comment” to ’s questions on the current status of the SolarWinds attacks, stating that “the investigation is ongoing.”
#Solarwinds hack 2020 how to
This advisory offered further guidance to SolarWinds customers on how to tell if they were affected, what steps to take, and answers to related questions. On December 18, the Unified Coordination Group provided a classified Member briefing by telephone about the attacks.”įebruary 24, 2021: SolarWinds issues a FAQ: Security Advisory. On December 17, the Committees launched an investigation into the cyberattacks.
#Solarwinds hack 2020 software
House Committee on Oversight and Reform and the House Committee on Homeland Security held a joint hearing “examining recent cybersecurity incidents affecting government and private sector networks, including the supply chain attack targeting SolarWinds Orion Software and other cyberattacks. All defended their own actions before and after the attacks, and all fingers pointed at Russia as the attacker.įebruary 26, 2021: Second Congressional h earing - The U.S. This is the largest and most sophisticated sort of operation that we have seen,” Smith told senators. Microsoft President Brad Smith said its “researchers believed at least 1,000 very skilled, very capable engineers worked on the SolarWinds hack. A transcript and a video of the hearing is available on C-Span. January 29, 2021: SolarWinds issues an advisory for both Sunburst and Supernova.įebruary 19, 2021: Biden Administration declares intent to punish Russia for SolarWinds attack - Jake Sullivan, national security advisor, told CNN’s Christiane Amanpour that President Joe Biden’s administration would look at a “broad range of responses” after an investigation to further pinpoint the identities of the attackers.įebruary 23, 2021: First Congressional h earing - Microsoft and FireEye testified before the Senate Intelligence Committee on the SolarWinds attacks. At this time, we believe this was, and continues to be, an intelligence gathering effort.”
January 5, 2021: Joint statement by FBI, CISA, ODNI, and NSA released - The Federal Bureau of Investigations (FBI), CISA, The office of the National Director of Intelligence (ODNI), and the National Security Agency (NSA), jointly released a statement on the formation of the Cyber Unified Coordination Group, which “indicates that an advanced persistent threat ( APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks. By this point, the attacks are largely thought to “have begun as far back as October 2019…when hackers breached the Texas company SolarWinds.”
#Solarwinds hack 2020 code
The attack “impacted critical infrastructure providers, potentially impacting energy and manufacturing capacities,” she said, and created an ongoing intrusion that “should be treated as a serious event with potential for great harm.”įollowing is a timeline of how events related to the SolarWinds hack have unfolded, to date.ĭecember 31, 2020: Microsoft says the Russian attackers breached some of its source code - The software giant said that the attackers could not modify code, products, or email and they did not use Microsoft goods to attack other victims. The SolarWinds attack is unprecedented because of “its capability to cause significant physical consequences,” says University of Richmond management professor Shital Thekdi, an expert on risk management and industrial and operations engineering. While it is “hard to say” if the SolarWinds software supply-chain compromise will become known as the highest-impact cyber intrusion ever, it did catch “many people off guard” despite the security industry’s frequent warnings that supply chains pose substantial risks, according to Eric Parizo, principal analyst of security operations at Omdia, a global research firm. Details of the 2020 SolarWinds attack continue to unfold, and it may be years before the final damages can be tallied.
0 kommentar(er)
