Free Republic

WASHINGTON - The U.S. cybersecurity agency said on Wednesday that a sprawling cyber espionage campaign made public earlier this month is affecting state and local governments, although it released few additional details. The hacking campaign, which used U.S. tech company SolarWinds as a springboard to penetrate federal government networks, was “impacting enterprise networks across federal, state, and local governments, as well as critical infrastructure entities and other private sector organizations,” the Cybersecurity and Infrastructure Security Agency (CISA) said in a statement posted to its website. The CISA said last week that U.S. government agencies, critical infrastructure entities, and private groups...

...Florida Republican Sen. Marco Rubio demanded retaliation against the hackers responsible for the massive cyber security breach. “The methods used to carry out the cyberhack are consistent with Russian cyber operations,” Rubio, acting chairman of the Senate Intelligence Committee said in a tweet. “But it’s crucial we have complete certainty about who is behind this. We can’t afford to be wrong on attribution, because America must retaliate, and not just with sanctions.” …Rubio said the attack is close to “an act of war” in an interview with Fox News’ Laura Ingraham Thursday night. “You saw the bulletin tonight, it went...

FireEye has uncovered a widespread campaign, that we are tracking as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world. They gained access to victims via trojanized updates to SolarWind’s Orion IT monitoring and management software. This campaign may have begun as early as Spring 2020 and is currently ongoing. Post compromise activity following this supply chain compromise has included lateral movement and data theft. The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security.

SolarWinds’ longtime CEO, Kevin Thompson, had months earlier indicated that he would be leaving at the end of the year as the company explored spinning off one of its divisions. The SolarWinds board appointed his replacement, current PulseSecure CEO Sudhakar Ramakrishna, on Dec. 7, according to a financial filing, a day before FireEye first publicly revealed the hack on its own system and two days before the change of CEOs was announced. It was also on Dec. 7 that the company’s two biggest investors, Silver Lake and Thoma Bravo, which control a majority stake in the publicly traded company, sold...

Computer expert Andrew Morris says he downloaded the infected installer from SolarWinds Orion and found the “backdoor” is still contained on the installer on SolarWinds’ website. Morris is the founder of GreyNoise, a cyber security firm that specializes in finding comprised devices and detecting internet threats. SolarWinds Orion is part of the SolarWinds suite of network and computer management tools used by the US government. Reports indicate that someone, possible Russia, managed to modify SolarWinds Orion in the spring of this year. The modification created a “backdoor” which allowed the hacker to spy on numerous government agencies, including the Treasury,...

A company that provides voting systems in 28 states uses an Internet technology firm that was hacked.Dominion Voting Systems uses SolarWinds software, according to a Dominion web page.SolarWinds does not list Dominion on its partial customer listing but says its products and services are used by more than 300,000 customers around the world, including all five branches of the U.S. military and more than 425 of the U.S. Fortune 500.The situation with SolarWinds software enabled hackers to gain access to the U.S. Commerce Department and, reportedly, the Treasury Department.SolarWinds Orion products are currently being exploited by malicious actors, the Department...