The Hack Roundup: CISA Official Says 30% of Victims Didn’t Use SolarWinds

It is not accurate to describe the widespread cyber intrusions that compromised several government agencies and cybersecurity companies as the SolarWinds hack, Cybersecurity and Infrastructure Security Agency Acting Director Brandon Wales said, putting a figure on the significant number of victims that didn’t use the company’s IT management software.


CISA previously noted that SolarWinds was not the only attack vector in the hacking campaign, and both CISA and the National Security Agency have tailored their guidance on the suspected threat actor to address configuration issues in Microsoft’s Office 365 offering. 


In an interview for a Wall Street Journal story published Friday, Wales said approximately 30% of the hackers’ victims, both in the public and private sectors, didn’t have a direct connection to SolarWinds. Wales also said Microsoft’s was the only cloud service the agency knows to have been targeted.


“It is absolutely correct that this campaign should not be thought of as the SolarWinds campaign,” he said.


The Journal also reported that SolarWinds is investigating whether the hackers initially gained access to its systems via Microsoft’s cloud, rather than the other way around.


In an editor’s note on a blog post by President Brad Smith following initial reports of the breaches—including Microsoft’s compromise—Microsoft noted that it had “detected malicious SolarWinds binaries in our environment,” just like other SolarWinds customers. SolarWinds estimated 18,000 of its customers installed an update carrying malware the hackers had inserted into their code and used to establish remote control of victims’ computers a ..
