Alleged Russian hacking frenzy extends beyond original target, US officials admit


The massive hacking campaign revealed by US officials this week and tentatively attributed to the Russian government extended beyond users of the widely deployed network software that had been compromised.
The Department of Homeland Security said in a bulletin on Thursday that the spies had used techniques other than corrupting updates to network management software from SolarWinds, which is used by hundreds of thousands of businesses and government agencies.

“The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged,” DHS’s Cybersecurity and Infrastructure Security Agency (CISA) said, APT being shorthand for an “advanced persistent threat,” a well-resourced adversary that maintains long-term access to its targets.

CISA urged investigators not to assume their organizations were safe simply because they were not running the affected versions of the software, while stressing that the hackers had not exploited every network to which they had gained access.

CISA said it was continuing to investigate other avenues used by the attackers. So far, hackers are known to have at least monitored email or other data within the U.S. departments of defense, state, treasury, homeland security, and commerce.

As many as 18,000 Orion customers downloaded the updates that contained a backdoor letting in the hackers. Since the campaign was discovered, software companies have cut off communication between those backdoors and the servers controlled by the hackers.

Special channels

But the attackers may have installed additional means of maintaining access in what some have called the biggest hack in a decade.

Because of this, officials said security teams should communicate through special channels to ensure their own detection and remediation efforts are not being monitored by the intruders.

The Department of Justice, the FBI and the Department of Defense, among others, moved routine communications to classified networks believed not to have been breached, according to a person briefed on the measures.

CISA and private companies, including FireEye, which was the first to discover the campaign and disclose that it had been hacked, have released a series of indicators that organizations can search for to determine whether they have been affected.

But the attackers were very careful, deleting logs, electronic fingerprints and other traces of the files they accessed. This makes it difficult to know what was taken.

In most networks they could also have created false data, but so far it appears they were interested only in obtaining real data, people tracking the intrusions said.

Meanwhile, members of Congress are asking for more information on what may have been taken and how, as well as who was behind it. The Homeland Security Committee and the House Oversight Committee announced an investigation on Thursday, while senators pressed for answers on whether individual tax information had been obtained.

In a statement, President-elect Joe Biden said he would “elevate cybersecurity as an imperative across government” and “disrupt and deter our adversaries” from undertaking such major hacks.
