Reuters reported that the attackers broke into the National Telecommunications and Information Administration, a part of the US Commerce Department, by exploiting a vulnerability in Microsoft Office 365.
#BREAKING
Hack of US Treasury and other US government entities reported.
Trump recently fired the head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, @C_C_Krebs. https://t.co/xixFXGoCD7
— Leah McElrath (@leahmcelrath) December 13, 2020
The Washington Post later reported that Russian attackers hit the Treasury and also hit FireEye, with the network management software SolarWinds implicated.
The Post reporter who wrote this story is the same person who started the now-discarded theory that Russia was responsible for email leaks to WikiLeaks during the 2016 presidential election.
The SolarWinds network management system appears to have been compromised at source, with the company issuing a statement on Sunday saying that updates it released between March and June could have been corrupted.
SolarWinds NMS is used by about 400 of the so-called Fortune 500. Its customers include the top telcos, the US military, the US State Department, the NSA and the Office of the President of the US.
NSC spokesman John Ullyot was quoted as saying: “We are taking all necessary steps to identify and remedy any possible issues related to this situation.”
As usual, when such stories are published they invariably claim that the attackers are from a foreign government and "sophisticated". This time, Bing went a step higher and cited his sources as describing the attackers as "highly sophisticated".
I think it’s equally likely that FireEye was working closely with the feds on its own breach investigation that led it to SolarWinds. They then passed the SW IOCs on to feds, who found them.
Next week is going to be busy... 2/2
— Jake Williams (@MalwareJake) December 13, 2020
Some commenters on Twitter attempted to tie the intrusion to the recent sacking of Christopher Krebs, the head of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.
Others questioned whether there was any connection between the attack and the theft of attack tools from the US cyber security firm FireEye last week.
I wonder if there is any connection to those responsible for the recent hack on FireEye. https://t.co/Gi4kBDV1Wj
— Andrea R Mihailescu (@MihailescuAR) December 13, 2020
A third group was inclined to blame the Trump administration, saying that it was a bid to sanitise material that would be damaging to the outgoing president.
iTWire has contacted Microsoft for comment.