At least two dozen entities, including corporations, one state’s health department, and a university, were affected by the recent SolarWinds hack, the Wall Street Journal has reported.
According to the business newspaper’s analysis of digital clues collected from victims’ computers by Farsight Security and RiskIQ, two digital threat-intelligence firms, the targets of the hack included the tech giants Cisco Systems, Intel and Nvidia; Deloitte, a major accounting firm; VMware, a cloud-computing software maker; and Belkin International, a maker of Wi-Fi routers and networking equipment.
The non-corporate victims were said to include Kent State University and the California Department of State Hospitals.
A Cisco spokesperson confirmed to WSJ that the malicious software used in the hack had been discovered in some employee and lab systems, but added that there had been “no known impact to Cisco offers or products.” An Intel spokesperson similarly said that the company had found no evidence of hackers using the malicious software backdoor, which is hidden in an update, although it had been downloaded and run.
A representative from Deloitte also said that it did not see any “indications of unauthorised access to our systems at this time,” but noted the company had “taken steps to address” the spyware. VMware, Nvidia, and Belkin also indicated that they have yet to identify any negative impact from the corrupted update.
Kent State said it was still “evaluating this serious matter,” while the California Department of State Hospitals said the state was working with federal and state agencies to address the potential harm done.
Up to 18,000 of SolarWinds Corporation’s customers, including a majority of Fortune 500 companies, may have been affected by the hack on its Orion monitoring and management platform, which also targeted the federal departments of State, Treasury, Homeland Security, Commerce and Energy.
Investigators still aren’t certain what the hackers may have been after or what data they managed to compromise or steal. WSJ speculates that targets likely included state secrets and internal communications between officials, and on the business end, emails by corporate executives, documents about sensitive technologies, or the means to hack into even more systems at a later date.
One of the companies rumoured to have been hacked is Dominion Voting Systems, the voting machine company accused by the Trump campaign of being involved in a Democratic Party-run vote fraud campaign in the November election. The rumours prompted Dominion to issue a statement saying that it does not use the Orion software. It does, however, use a SolarWinds FTP file transfer platform.
US Secretary of State Mike Pompeo blamed Moscow for the hack on Friday, saying there were signs Russia was “pretty clearly” responsible. A day later, President Trump appeared to dismiss the Russia claims, saying it was China that “may” have been behind the hack attack.
Both countries dismissed the claims on Monday, with Russian Presidential Spokesman Dmitry Peskov calling them “unfounded” and Chinese Foreign Ministry Spokesman Wang Wenbin accusing Washington of mudslinging “in an attempt to tarnish China’s image.”
In 2017, WikiLeaks revealed that the US Central Intelligence Agency has the technical capability to obfuscate the true source of hack attacks and to make them look like they are coming from Russia, China, North Korea, Iran, or any number of Arab countries. The tool is known as the ‘Marble Framework’ and is described as an easy-to-use scrambling device which can automatically compile a spoof attack and correct errors.
Chris Krebs, the recently fired director of the Cybersecurity and Infrastructure Security Agency, took partial responsibility for the breach on Monday, admitting it happened on his watch, before adding that “a bunch of other folks” also “missed it.” The official, who was fired by Trump on 17 November for contradicting Trump on alleged election fraud, also urged Americans not to “conflate voting system security and SolarWinds.”
“Do not conflate voting system security and SolarWinds. The proof is in the paper. You can audit or recount again to confirm the outcome. Like they did in Georgia. And Michigan. And Wisconsin. And Arizona. Can't hack paper.” — Chris Krebs (@C_C_Krebs), December 19, 2020