(Dec. 18, 2020) NASCUS is in touch with federal authorities about the recent – and some say catastrophic – hack of IT systems by a nation-state hacker group that was revealed over last weekend through products offered by IT software provider SolarWinds.
The hack, according to documents filed by SolarWinds early this week with the Securities and Exchange Commission (SEC), appears to have affected about 18,000 of the firm’s 300,000 customers. The hackers reportedly inserted malware into updates for Orion, a software application by SolarWinds for IT inventory management and monitoring. The versions affected were 2019.4 through 2020.2.1, released between March 2020 and June 2020. According to reports, the malware allowed attackers to deploy additional and highly stealthy malware on the networks of SolarWinds customers. SolarWinds has not yet said how hackers breached its own network.
However, as indicated by the relatively narrow scope of those affected by the hack, the attack was targeted to specific groups using the software, including the Treasury Department, and the Department of Commerce’s National Telecommunications and Information Administration (NTIA).
Other federal government customers known to be using the software (but which may or may not be affected by the hack) include the Cybersecurity and Infrastructure Security Agency (CISA), U.S. Cyber Command, the Departments of Defense, Homeland Security, Energy and Veterans Affairs, the FBI, and others. Customers in other countries may also have been affected, including governments.
NASCUS is participating in a number of conversations among federal regulators regarding the hack, most of which are confidential, and monitoring developments. However, during the conversations, groups such as NASCUS have been urged to encourage their members to review the CISA emergency directive on the compromise and plug into the agency for updates as they become available.