Microsoft has confirmed that the recent compromise of SolarWinds customers has also affected its own networks. SolarWinds provides IT infrastructure management software for companies. In the second quarter, malware was delivered to customers bundled with a software update. It was discovered only last Sunday. For two quarters in a row, hackers felt at home in the networks of the US military, government agencies and companies. But that’s not all.
There is a nonzero chance that, just as the SolarWinds update mechanism was used to distribute the Trojan, Microsoft’s software update system could also be used to send the malware. The company officially rejects this scenario, although it confirmed that malware identical to that used in the attack on the SolarWinds network was found on its networks.
According to Reuters, the attack on SolarWinds, and through it on top US government agencies such as the Treasury Department, State Department, National Nuclear Security Administration, Department of Energy and others, as well as many companies and organizations, led to an urgent meeting of the US National Security Council. … According to experts, hackers working for a state are behind the breach. It is assumed that these are most likely Russian-speaking persons from the APT29 (Cozy Bear) group.
The SolarWinds hack was identified and reported by cybersecurity company FireEye, and then only because it also uses SolarWinds services and received an infected update from it. FireEye specialists are not ready to blame everything on Russian hackers and have assigned the designation UNC2452 to the attackers. Judging by the scale of what has happened, so far we see only the tip of the iceberg, and below the surface, things are happening that are difficult to imagine. A worthy end to 2020, what can I say.