Millions of Americans Caught Up in Chinese Hacking Plot – US

In March 2024, a group of hackers believed to be linked to the Chinese government carried out a large-scale cyberattack on SolarWinds, a software company that provides services to many government organizations and large businesses in the United States. This attack affected millions of Americans and raised serious cybersecurity concerns.

The hacker group installed malicious code into SolarWinds’ Orion software, used by more than 33,000 organizations worldwide. This malicious code allows hackers to access the networks of attacked organizations and steal sensitive data.

The goal of this attack is believed to be to gather intelligence and harm important US government and business organizations.

The attack caused serious consequences, including:
Theft of sensitive data of millions of Americans
Disruption of operations of government organizations and businesses
Increased tensions between the United States and China

The US government condemned the attack and accused the Chinese government of being behind it. The United States has also imposed sanctions on organizations involved in the attack.

Previously, in 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally, including multiple parts of the United States federal government, leading to a series of data breaches. The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration (eight to nine months) in which the hackers had access. Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches. Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others.

The attack, which had gone undetected for months, was first publicly reported on December 13, 2020, and was initially only known to have affected the U.S. Treasury Department and the National Telecommunications and Information Administration (NTIA), part of the U.S. Department of Commerce. In the following days, more departments and private organizations reported breaches.

The cyberattack that led to the breaches began no later than March 2020. The attackers exploited software or credentials from at least three U.S. firms: Microsoft, SolarWinds, and VMware. A supply chain attack on Microsoft cloud services provided one way for the attackers to breach their victims, depending upon whether the victims had bought those services through a reseller. A supply chain attack on SolarWinds’s Orion software, widely used in government and industry, provided another avenue, if the victim used that software. Flaws in Microsoft and VMware products allowed the attackers to access emails and other documents, and to perform federated authentication across victim resources via single sign-on infrastructure. [21][45][46]

In addition to the theft of data, the attack caused costly inconvenience to tens of thousands of SolarWinds customers, who had to check whether they had been breached, and had to take systems offline and begin months-long decontamination procedures as a precaution. U.S. Senator Richard J. Durbin described the cyberattack as tantamount to a declaration of war. President Donald Trump was silent for days after the attack, before suggesting that China, not Russia, might have been responsible for it, and that “everything is well under control”.

The SolarWinds attack is a prime example of increasing cybersecurity risks. Organizations need to implement strong security measures to protect their data from cyber attacks.
