Solarwinds: at least “1000 engineers, highly qualified and capable” behind the cyberattack

Nearly 18,000 companies in the United States were targeted in 2020 in what experts, pointing to Russia, called Tuesday the “most sophisticated attack ever”.

The perpetrators of a massive cyberattack that targeted nearly 18,000 companies in the United States in 2020 were “Disciplined and focused”IT security experts said Tuesday, February 23, pointing to the need for information sharing on existing threats. The attack began in March, with hackers taking advantage of an update to monitoring software developed by a Texas company, SolarWinds, used by tens of thousands of businesses and governments around the world. Computer systems of US government agencies, including the Departments of State, Commerce, Treasury, Homeland Security and National Institutes of Health were also targeted. The attack was discovered in December by the computer security group FireEye, itself the victim of cyberattacks.

The Pirates “Were disciplined and focused”FireEye boss Kevin Mandia told the Senate Intelligence Committee. “They were targeting specific targets, they had a plan and a data collection program”, he clarified. “We have substantial clues that point to the Russian Foreign Intelligence Agency, and no clue leads us anywhere else,” for his part estimated the president of Microsoft Brad Smith. The US authorities have already identified Russia as the main suspect in this attack and the Washington Post said on Tuesday that the government was studying the possibility of imposing sanctions on Moscow.

The need for centralized authority

Microsoft revealed in December that hackers had gained access to part of the company’s computer code by hacking into an employee’s account. According to Brad Smith, “At least 1000 engineers, very qualified and capable” participated in the attack “The most sophisticated we have ever seen so far” which also targeted companies in Mexico, Canada, Great Britain, Belgium, Spain and the United Arab Emirates.

Another loophole used by hackers is the lack of an authority to centralize information on cyber attacks as Microsoft’s contracts with government agencies prohibit the company from communicating about attacks with other agencies, Smith added. Among the avenues to explore, the president of Microsoft has suggested the idea of ​​forcing a company victim of a cyberattack to make a “Confidential notification” to a government entity that would be responsible for intelligence sharing. The boss of FireEye insisted on the need for legal protection for companies like SolarWinds in the face of possible lawsuits from its customers who are victims of cyberattacks.

»SEE ALSO – Véran expresses his “disgust” after the cyberattack on the Villefranche-sur-Saône hospital

Related Posts

“As soon as you pass the treetops, the pylon moves”: behind the scenes of an intervention by telecoms firefighters

Comments Off on “As soon as you pass the treetops, the pylon moves”: behind the scenes of an intervention by telecoms firefighters

Create Account

Log In Your Account