Security teams around the world mobilized on Monday to contain the fallout from a widespread cyberattack by suspected Russian hackers, who have spied on the clients of US information technology company SolarWinds undetected for more than eight months.
The US Department of Homeland Security issued an emergency warning Sunday, ordering users to disconnect and deactivate SolarWinds software that it said had been compromised by “malicious agents.”
The warning came after Reuters reported that suspected Russian hackers had used software updates to break into multiple US government agencies, including the Treasury and Commerce departments. Russia denied having any connection to the attacks.
On Monday, people close to the hacking campaign said the Department of Homeland Security was also targeted. One of them said that DHS email had been compromised, but not the critical network that the cybersecurity division uses to protect infrastructure.
DHS is responsible for border security, cybersecurity, and most recently, the safe distribution of the COVID-19 vaccine.
SolarWinds, which says its clients include most of the US Fortune 500 companies, said the intrusion was carried out “by a foreign nation state and intended to be a limited, highly targeted and manually executed attack.”
But two people with knowledge of the investigation told Reuters that any organization that had an updated version of the company’s Orion network management software would have had a “back door” installed by the attackers on its computer systems.
“After that, it’s just a matter of whether the attackers decide to take more advantage of that access,” one of the sources said.
Microsoft researchers said in a blog post that they had first seen malicious copies of the SolarWinds software deployed by hackers in March.
In the UK, where publicly available SolarWinds sales documents show various government departments using the company’s software, a spokesman for Prime Minister Boris Johnson said investigations were underway.
“The National Cyber Security Center is working to assess any impacts in the UK, but we are not aware of any UK related impacts at this time,” the spokesperson told reporters.
Kremlin spokesman Dmitry Peskov said the allegations reported by Reuters and other media outlets were false.
“If there have been attacks for many months and the Americans could not do anything about it, it is probably not worth immediately and baselessly blaming the Russians,” he said. “We had nothing to do with it.”