SOLARWINDS SUPPLY CHAIN ATTACK & THE DARK WEB

The SolarWinds Supply Chain attack in December 2020 impacted major government organizations and companies. This incident highlights the severe impact software supply chain attacks can have on organizations and the proof that many of them are woefully unprepared to prevent and detect such threats. The attack was said to have allowed hackers to access the network of US cybersecurity firm FireEye. Even though FireEye did not name the hackers, the Washington Post reports it is APT29 or Cozy Bear, the hacking arm of Russia’s foreign intelligence service, the SVR. Read more about the SolarWinds Supply Chain breach on our blog.

Information Sold on the Dark Web

SolarWinds Supply Chain develops software, known as Orion, which helps businesses manage their own IT, networks, systems and infrastructure. It is believed that fewer than 18,000 of its major government and corporate clients were compromised. This includes US government agencies. There have been several claims from hackers, regarding stolen data and tools. More importantly, there have been attempts to sell it online. They also claim to have more data over time as they work through all the data they have. It remains to be known whether the sale or alleged data and tools are genuine.

The group speculated to be Cozy Bear or APT29 announced on the regular web and the dark web that they would be putting the data they have stolen up for sale. They are offering to sell the data in four lots – Microsoft for $US600,000, Cisco for US$500,000, SolarWinds for $250,000, and FireEye for $US50,000. Alternatively, one buyer could get the lot for $1 million.

The hackers have allegedly already uploaded the files to the dark web, however, a key or password is required for access. They say that they can prove that the data is genuine and that the sale does not include any intelligence data from the US Treasury or the Department of Commerce, which were also hit in the attack.

Cisco has revealed that there is no evidence that their intellectual property was stolen in the attack, but are aware of the website claiming to have the data for sale. Microsoft also acknowledged that they had detected malicious SolarWinds applications in its environment. One account is said to have been used to view the source code and source code repositories. However, they claim that the activity did not put the security of its services or customer data at risk.

Hundreds of thousands of companies and government organisations across the world use SolarWinds’ Orion software. Hackers infiltrated SolarWinds’ systems and inserted malicious code into updates that were sent out and installed by a number of the company’s customers. The updates were released between March and June 2020, meaning hackers were potentially able to spy on many of these organisations for many months. This is why organizations need to have the means to protect themselves from hackers by instilling dark web surveillance software. Such software alerts organizations when they or their data is at risk.