Authorities investigating suspected Russian hacking into the US Treasury Department report that the operation extended far beyond SolarWinds.
The hacking of the National Telecommunications and Information Administration (NTIA), in late 2020, reportedly involved exploiting vulnerabilities in many systems. It was not, as previously suspected, confined to the SolarWinds networking software.
According to the Wall Street Journal, almost a third of all victims of the hacking did not use SolarWinds, and had no connection with the product. Brandon Wales, acting director of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said that the hackers used far more avenues than initially believed.
“[The attackers] gained access to their targets in a variety of ways,” Wales told the Wall Street Journal in an interview. “This adversary has been creative. It is absolutely correct that this campaign should not be thought of as the SolarWinds campaign.”
SolarWinds has over 300,000 customers worldwide, and its networking software is in use by 412 of the US Fortune 500 customers. The hack reportedly used SolarWinds technology management software to circumvent security authentication in Microsoft’s Office 365.
“This is certainly one of the most sophisticated actors that we have ever tracked in terms of their approach, their discipline and range of techniques that they have,” John Lambert, the manager of Microsoft’s Threat Intelligence Center, told the Wall Street Journal.
The Cybersecurity and Infrastructure Security Agency has not named other systems involved. However, according to the Wall Street Journal, the investigators said that this incident showed that sophisticated hackers could exploit authentication vulnerabilities to move between different cloud accounts.
Investigators at SolarWinds itself are reportedly examining whether it was Microsoft’s cloud that was the initial starting point for the attack.
“We continue to collaborate closely with federal law enforcement and intelligence agencies to investigate the full scope of this unprecedented attack,” said a SolarWinds spokesperson.
The investigations are continuing.
AppleInsider has affiliate partnerships and may earn commission on products purchased through affiliate links. These partnerships do not influence our editorial content.
