{"id":3248,"date":"2020-12-14T15:55:04","date_gmt":"2020-12-14T19:55:04","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=3248"},"modified":"2020-12-14T15:55:04","modified_gmt":"2020-12-14T19:55:04","slug":"solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/","title":{"rendered":"SolarWinds Supply Chain Attack Leads to Attack on U.S. Federal Government"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-2994\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg\" alt=\"SolarWinds Supply Chain Attack Leads to Attack on U.S. Federal Government  \" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">According to multiple reports, SolarWinds suffered from a supply chain attack that affected multiple U.S. government departments.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">According to reports from Microsoft and FireEye, a hacking group began with a malware intrusion and a privilege escalation attack once in the network. Then, the hackers used these admin privileges to insert a backdoor into a SolarWinds DLL folder, using legitimate certificates. From there, hackers conducted lateral movements and data thefts via malicious, malware-laden updates.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\"><div class=\"box box3\">ALERT: Our <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/siem-buyers-guide-security-information-and-event-management\/\" target=\"_blank\" rel=\"noopener noreferrer\">Buyer\u2019s Guide for SIEM<\/a> helps you evaluate the best solutions for your business use case and features profiles of the leading profiles, as well as a category overview of the marketplace and Bottom Line Analysis.<\/div><\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In a statement, <\/span><a href=\"https:\/\/msrc-blog.microsoft.com\/2020\/12\/13\/customer-guidance-on-recent-nation-state-cyber-attacks\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">Microsoft<\/span><\/a><span style=\"font-weight: 400\"> notes, \u201cAlthough we do not know how the backdoor code made it into the library, from the recent campaigns, research indicates that the attackers might have compromised internal build or distribution systems of SolarWinds.\u201d\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In a filing with the SEC, SolarWinds confirmed the compromise and the release of a clean version of the Orion software. SolarWinds specified that the source code did not become compromised in the attack.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">As a result of the SolarWinds supply chain attack, numerous government and private sector entities suffered at the hands of the hacking group. These include the U.S. Treasury Department, the U.S. Department of Commerce\u2019s National Telecommunications and Information Administration (NTIA), and FireEye. The attack appears connected to multiple network intrusions and the theft of cybersecurity tools from FireEye.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">SolarWinds disclosed in a <a href=\"https:\/\/www.solarwinds.com\/securityadvisory\" target=\"_blank\" rel=\"noopener noreferrer\">security advisory<\/a>, <\/span><span style=\"font-weight: 400\">\u201cWe have been advised this attack was likely conducted by an outside nation-state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack.\u201d This would make it one of the most devastating and dangerous nation0state attacks ever conducted.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\">A upply chain attack involves hackers looking for and exploiting vulnerabilities in the supply network of a buisness. While the specifics can vary from attack to attack, the core of all such attacks involves planting hard-to-detect malware earlier in the chain to attack the real targets further down the chain.<\/p>\n<h3 style=\"text-align: justify\"><b>SolarWinds Supply Chain Attack Expert Commentary<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Ekaterina Khrustaleva, Chief Operating Officer at <\/span><a href=\"https:\/\/www.immuniweb.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">ImmuniWeb<\/span><\/a><span style=\"font-weight: 400\">, shared these thoughts.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cSupply chain attacks have surged in 2020: they offer rapid and inexpensive access to valuable data held by VIP victims. The victims, like has happened in the SolarWinds case, usually have no technical means to detect intrusion in a timely manner unless the breached supplier informs them.\u201d<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">&#8220;Most of the suppliers cannot afford the same level of incident detection and response (IDR) as their clients for financial and organizational reasons. Eventually, hackers and nation-state threat actors deliberately target the weakest link, get fast results, frequently remain undetected and unpunished. Attribution of sophisticated APT attacks, as reportedly affected SolarWinds and subsequently its customers, remains a highly complicated, time-consuming, and costly task. Global cooperation in cybercrime prosecution is vital to break the impasse and make computer crime investigable.\u201d<\/span><\/p>\n<p style=\"text-align: justify\"><div class=\"hr hr\"><\/div><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Thanks to Ekaterina Khrustaleva for her time and expertise. Learn more in our <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/siem-buyers-guide-security-information-and-event-management\/\" target=\"_blank\" rel=\"noopener noreferrer\">SIEM Buyer\u2019s Guide<\/a>.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\"><br \/>Widget not in any sidebars<br \/><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to multiple reports, SolarWinds suffered from a supply chain attack that affected multiple U.S. government departments.\u00a0 According to reports from Microsoft and FireEye, a hacking group began with a malware intrusion and a privilege escalation attack once in the network. Then, the hackers used these admin privileges to insert a backdoor into a SolarWinds [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":2994,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1,3],"tags":[95,145,493,112,86,259,21,57,22,83,1470],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SolarWinds Supply Chain Attack Leads to Attack on U.S. Government<\/title>\n<meta name=\"description\" content=\"According to multiple reports, SolarWinds suffered from a supply chain attack that affected multiple U.S. government departments.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SolarWinds Supply Chain Attack Leads to Attack on U.S. Government\" \/>\n<meta property=\"og:description\" content=\"According to multiple reports, SolarWinds suffered from a supply chain attack that affected multiple U.S. government departments.\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/\" \/>\n<meta property=\"og:site_name\" content=\"SIEM Tools &amp; Security Event Management | Solutions Review\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-14T19:55:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/\",\"name\":\"SolarWinds Supply Chain Attack Leads to Attack on U.S. Government\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg\",\"datePublished\":\"2020-12-14T19:55:04+00:00\",\"dateModified\":\"2020-12-14T19:55:04+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"According to multiple reports, SolarWinds suffered from a supply chain attack that affected multiple U.S. government departments.\u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"GetHealth Platform Misconfiguration Exposes 61 Million Fitness-Tracking Records\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SolarWinds Supply Chain Attack Leads to Attack on U.S. Federal Government\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"SIEM Tools &amp; Security Event Management | Solutions Review\",\"description\":\"Evaluating Enterprise SIEM Systems, Log Management Analytics &amp; SOAR Platforms.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SolarWinds Supply Chain Attack Leads to Attack on U.S. Government","description":"According to multiple reports, SolarWinds suffered from a supply chain attack that affected multiple U.S. government departments.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/","og_locale":"en_US","og_type":"article","og_title":"SolarWinds Supply Chain Attack Leads to Attack on U.S. Government","og_description":"According to multiple reports, SolarWinds suffered from a supply chain attack that affected multiple U.S. government departments.\u00a0","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/","og_site_name":"SIEM Tools &amp; Security Event Management | Solutions Review","article_published_time":"2020-12-14T19:55:04+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg","type":"image\/jpeg"}],"author":"Ben Canner","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/","name":"SolarWinds Supply Chain Attack Leads to Attack on U.S. Government","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg","datePublished":"2020-12-14T19:55:04+00:00","dateModified":"2020-12-14T19:55:04+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"According to multiple reports, SolarWinds suffered from a supply chain attack that affected multiple U.S. government departments.\u00a0","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/04\/ransomware-4-mod.jpg","width":800,"height":400,"caption":"GetHealth Platform Misconfiguration Exposes 61 Million Fitness-Tracking Records"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/solarwinds-supply-chain-attack-leads-to-attack-on-u-s-federal-government\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"SolarWinds Supply Chain Attack Leads to Attack on U.S. Federal Government"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"SIEM Tools &amp; Security Event Management | Solutions Review","description":"Evaluating Enterprise SIEM Systems, Log Management Analytics &amp; SOAR Platforms.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3248"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=3248"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3248\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/2994"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=3248"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=3248"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=3248"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}