U.S. Treasury breached by hackers backed by foreign government – sources
1. This story is growing, and Reuters has now updated its reporting.
2. Kim Zetter obtained a report from Microsoft that she posted on Twitter in a thread. MSFT offers instructions on detecting and removing the threat, here.
3. FireEye has also updated their research report, here: ” Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor”
4. The Department of Homeland Security has now issued an Emergency Directive: Mitigate SolarWinds Orion Code Compromise.
5. SolarWinds issued a press release, here.
This is serious stuff and with yesterday’s revelations, became even more concerning. I’m not going to try to summarize the technical security issues because it is out of my league and I don’t want to report inaccurately. I trust my readers will understand these reports and what they mean.
Here was the very first post on the topic, after which everything started developing and breaking quickly as people started connecting the dots to a recent disclosure by FireEye. But as it would turn out, the story may start with SolarWinds….
Christopher Bing reports:
A sophisticated hacking group backed by a foreign government stole information from the U.S. Treasury Department and a U.S. agency responsible for deciding policy around the internet and telecommunications, according to people familiar with the matter.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said National Security Council spokesman John Ullyot.
Read more on Reuters.