A number of organisations have been attacked in what has been
chronicled as one of the most severe acts of cyber-espionage in
history, named "Sunburst". The attackers breached the US Treasury,
the departments of homeland security, state and defence, and the
National Nuclear Security Administration (NNSA), the part of the
Department of Energy responsible for safeguarding national security
via the military application of nuclear science. While 4 out of 5
victims were US organisations, other targets include the UK, the UAE,
Mexico, Canada, Spain, Belgium, and Israel.
The attack came in the wake of the recent state-sponsored attack on
the US cybersecurity firm FireEye. The company's CEO, Kevin Mandia,
said in his blog that the attackers primarily sought information
pertaining to certain government customers.
FireEye classified the attack as being 'highly sophisticated and customized'; on the basis of his 25 years of experience in cybersecurity, Mandia concluded that FireEye has been attacked by a nation with world-class offensive capabilities.
Similarly, last Sunday, the news of SolarWinds being hacked
made headlines for what is being called one of the most
successful cyber attacks yet seen. As the attack crippled
SolarWinds, its customers were advised to disengage the Orion
Platform, which is one of the principal products of SolarWinds used
to monitor the health and performance of networks.
Gauging the scale of the attack, the US Department of Homeland
Security's Cybersecurity and Infrastructure Agency (CISA) described
the security incident as a "serious threat", while others, requesting
anonymity, labelled it "the most serious hacking incident
in the United States' history". The attack is ongoing and the
number of affected organisations and nations will unquestionably
rise. The espionage has been called "unusual", even in this
digital age.
As experts were assessing how the perpetrator managed to
bypass the defences of a networking software company like
SolarWinds, Rick Holland came up with a theory: "We do know that
SolarWinds, in their filing to the Securities and Exchange Commission
this week, alluded to Microsoft, which makes me think that the
initial access into the SolarWinds environment was through a
phishing email. So someone clicked on something they thought was
benign - turned out it was not benign."
Meanwhile, certain US government officials have accused Russia of
being behind these supply chain attacks, while Russia has
constantly denied the allegations. The Russian Embassy wrote on
Facebook, "Malicious activities in the information space
contradicts the principles of the Russian foreign policy, national
interests and our understanding of interstate relations."
"Russia does not conduct offensive operations in the cyber domain," the embassy added in its post to the US.
Read more https://www.ehackingnews.com/2020/12/what-is-sunburst-look-into-most-serious.html

