SolarWinds Hack Was the Largest and Most Sophisticated Attack Ever
April 14, 2021
By Paul Davis
Back in November of 2019, Microsoft’s President Brad Smith was questioned on 60 Minutes about the SolarWinds cyber hack, which the U.S. intelligence community stated was likely committed by “an actor Russian in origin.”
“I think from a software engineering perspective, it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen,” Smith said.
On February 23rd, Florida Republican Senator Marco Rubio, the Senate Select Committee on Intelligence’s Vice Chairman, spoke at an open hearing on the SolarWinds hack.
He thanked the witnesses from Microsoft, FireEye, SolarWinds and CrowdStrike, who appeared before the committee to discuss what has been called the largest cyber supply chain operation ever detected.
Rubio noted that the cyber operation involved the modification of the SolarWinds Orion platform, a widely used software product, to include a malicious backdoor that was downloaded by up to 18,000 SolarWinds customers between March and June 2020.
“Perhaps most insidious about the operation was that it hijacked the very security advice promulgated by computer security professionals to verify and apply patches as they are issued,” Rubio said. “There are many concerning aspects to this operation that raise significant questions.”
Rubio stated that it was his understanding that if FireEye had not investigated an anomalous event within its own network in November of 2020, it was quite possible that the hack operation would be continuing unfettered even now.
“Despite the investment that we have made in cybersecurity, collectively between the government and the private sector, no one detected this activity earlier – and this actor was within SolarWinds network since at least September 2019,” Rubio said. “Put simply, how did we miss this? What are we still missing? And what do we need to do to make sure we don’t miss it again?”
Testifying before the committee, Microsoft’s Smith stated that at this stage, they’ve seen substantial evidence that points to the Russian foreign intelligence service, and they’ve not seen any evidence that leads them anywhere else.
Appearing before the U.S. Senate’s Judiciary Committee on March 2nd, FBI Director Christopher Wray spoke about a variety of issues, including the SolarWinds hack.
“In 2020, nation-state and criminal cyber actors took advantage of people and networks made more vulnerable by the sudden shift of our personal and professional lives online due to the COVID-19 pandemic, targeting those searching for personal protective equipment, worried about stimulus checks, and conducting vaccine research,” Wray testified. “Throughout the last year, the FBI has seen a wider-than-ever range of cyber actors threaten Americans’ safety, security, and confidence in our digitally connected world. Cyber-criminal syndicates and nation-states keep innovating ways to compromise our networks and maximize the reach and impact of their operations, such as by selling malware as a service or by targeting vendors as a way to access scores of victims by hacking just one provider.”
Wray stated that the criminals and nation-states believe they can compromise U.S. networks, steal U.S. property, and hold U.S. critical infrastructure at risk without incurring any risk to themselves.
“In the last year alone, we have seen, and have publicly called out, China, North Korea, and Russia for using cyber operations to target U.S. COVID-19 vaccines and research,” Wray said. “We have seen the far-reaching disruptive impact a serious supply-chain compromise can have through the SolarWinds intrusions, which we believe was conducted by an Advanced Persistent Threat actor, likely Russian in origin.”
“We have seen China working to obtain controlled defense technology and developing the ability to use cyber means to complement any future real-world conflict. We have seen Iran use cyber means to try to sow divisions and undermine our elections, targeting voters before the November election and threatening election officials after.”
Wray said they have to make it harder and more painful for hackers and criminals, which is why he announced the new FBI cyber strategy last year, using the FBI’s role as the lead federal agency with law enforcement and intelligence responsibilities to not only pursue FBI actions, but to work seamlessly with the FBI’s domestic and international partners to defend their networks, attribute malicious activity, sanction bad behavior, and take the fight to adversaries overseas.
“We must impose consequences on cyber adversaries and use our collective law enforcement and intelligence capabilities to do so through joint and enabled operations sequenced for maximum impact,” Wray said. “And we must continue to work with the Department of State and other key agencies to ensure that our foreign partners are able and willing to cooperate in our efforts to bring the perpetrators of cybercrime to justice.”
But, Wray noted, the government needs the private sector to do its part as well.
“We need the private sector to come forward to warn us—and warn us quickly—when they see malicious activity. We also need the private sector to work with us when we warn them that they are being targeted. The SolarWinds example only emphasizes what I have been saying for a long time: The government cannot protect against cyber threats on its own. We need a whole-of-society approach that matches the scope of the danger. There is really no other option for defending a country where nearly all of our critical infrastructure, personal data, intellectual property, and network infrastructure sits in private hands.”