In December 2020, US government agencies and private organizations were hit by what became known as the 'SolarWinds attack': a series of intrusions, attributed by investigators to a state-sponsored threat group, that grew into one of the largest cyberattacks seen anywhere in the world.
What were the real intentions behind the attack?
Instead of attacking the federal government's or a private organization's network directly, the attackers targeted a third-party vendor, SolarWinds, which supplies the IT management software Orion.
FireEye, which discovered the intrusion, reported that the attackers gained access to victims via trojanized updates to SolarWinds Orion, a monitoring and management platform. The campaign was made possible by embedding a backdoor, the malware known as "Sunburst", into legitimate SolarWinds software updates, so that installing the update planted the trojan on the customer's own systems.
Why did the hackers choose Orion?
Orion is one of the dominant products in its space, with a user base estimated at over 33,000 organizations.
SolarWinds confirmed that as many as 18,000 of its clients may have installed the trojanized update. Incidentally, the company removed its customer list from its official website soon afterwards. That list had included 425 of the Fortune 500 companies and the top ten US telecom operators.
Microsoft also found the malware in its own environment and notified 40 customers that were on the attackers' target list.
SolarWinds was exploited to craft a sophisticated supply-chain attack.
How did the attackers gain access to around 17,000 customers?
By poisoning a routine IT practice, the installation of vendor software updates, the attackers turned their backdoor into a foothold inside each customer's environment, from which they could spy on the organization and access its data. Around 17,000 customers installed the update, and with it the trojan that then enabled the data breaches.
The biggest problem for SolarWinds is the compromise of its software signing process, because that process is its "trust point" with its customers. "If a hacker gains access to the private key of the software vendor, he can use it to sign updates, and the user will think the update is legitimate because the public and private keys will match." In the Orion case the attackers did not even need the key itself: the backdoor was inserted into the build before the signing step, so the trojanized update carried a genuine SolarWinds signature. A valid signature proves only that an artifact passed through the vendor's signing step, not that the build it came out of was clean.
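The following Go program is an added example, not code from SolarWinds or from this article, that shows why signature verification alone could not have caught a build-time injection. It simulates a vendor build and signing pipeline with Ed25519 from Go's standard library; the function names (vendorBuild, vendorSign, customerVerify, matchesKnownGood, implant), the "ORION-RELEASE:" payload and the "<implant>" marker are all assumptions chosen for illustration, and the implant is a placeholder string, not the actual Sunburst code. Three cases are run: a clean signed release, a file altered after signing, and a build altered before signing. Only the third one passes the signature check while still being malicious, and only an out-of-band hash comparison (for example against a reproducible build) notices it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Update is what a customer downloads: the release payload plus the vendor's
// signature over it. The structure is illustrative, not SolarWinds' format.
type Update struct {
	Payload   []byte
	Signature []byte
}

// hashHex returns the SHA-256 of b as a hex string.
func hashHex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// vendorBuild stands in for the vendor's build pipeline (assumed name). The
// optional hook models a build-system intrusion that rewrites the output
// before it reaches the signing step; with hook == nil the build is clean.
func vendorBuild(source []byte, hook func([]byte) []byte) []byte {
	compiled := append([]byte("ORION-RELEASE:"), source...)
	if hook != nil {
		compiled = hook(compiled)
	}
	return compiled
}

// vendorSign is the signing step. The private key never leaves the vendor;
// whatever the build hands over receives a genuine signature.
func vendorSign(priv ed25519.PrivateKey, payload []byte) Update {
	return Update{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// customerVerify is the customer-side check an update installer performs:
// does the signature verify under the vendor's public key? It answers
// "did this pass through the vendor's signing step?" and nothing more.
func customerVerify(pub ed25519.PublicKey, u Update) bool {
	return ed25519.Verify(pub, u.Payload, u.Signature)
}

// matchesKnownGood is the check a signature cannot substitute for: compare the
// payload hash against a hash obtained independently of the download channel
// (for example from a reproducible build or a separately published manifest).
func matchesKnownGood(u Update, knownGoodHash string) bool {
	return hashHex(u.Payload) == knownGoodHash
}

// implant is a placeholder for a build-time injection. It appends a marker
// string; the real Sunburst implant was compiled into an Orion DLL.
func implant(compiled []byte) []byte {
	return append(compiled, []byte("\n<implant>")...)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	source := []byte("orion business layer source") // constructed sample input

	// Reference hash from a clean build, computed independently of the release.
	knownGood := hashHex(vendorBuild(source, nil))

	// Case 1: clean build, signed by the vendor. Both checks pass.
	legit := vendorSign(priv, vendorBuild(source, nil))
	fmt.Println("legit:    sig", customerVerify(pub, legit), "hash", matchesKnownGood(legit, knownGood))

	// Case 2: the file is altered after signing (in transit, on a mirror).
	// The signature check catches this.
	tampered := Update{Payload: append([]byte{}, legit.Payload...), Signature: legit.Signature}
	tampered.Payload = append(tampered.Payload, "\n<implant>"...)
	fmt.Println("tampered: sig", customerVerify(pub, tampered), "hash", matchesKnownGood(tampered, knownGood))

	// Case 3: the build is altered before signing. The signature is genuine
	// and verifies; only the out-of-band hash comparison notices.
	injected := vendorSign(priv, vendorBuild(source, implant))
	fmt.Println("injected: sig", customerVerify(pub, injected), "hash", matchesKnownGood(injected, knownGood))
}
```

The design point is that the key pair is intact in all three cases; the trust failure in case 3 sits upstream of the signature, in the build. A customer who wants to detect that class of compromise needs a second source of truth for what the artifact should contain, which is what the knownGood hash stands in for here.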