The White House team leading the investigation into the SolarWinds hack is worried that the breach of 100 US companies has the potential to make the initial compromise a headache in future.
Anne Neuberger, deputy national security advisor for Cyber and Emerging Technology at the White House, said in a press briefing that nine government agencies were breached while many of the 100 private sector US organizations that were breached were technology companies.
More on privacy
"Many of the private sector compromises are technology companies including networks of companies whose products could be used to launch additional intrusions," said Neuberger, a former director of cybersecurity at the National Security Agency.
SEE: Network security policy (TechRepublic Premium)
Attackers that the US says are of "likely Russian origin" had compromised the software build system of US software vendor SolarWinds and planted the Sunburst backdoor in its widely used Orion product for monitoring enterprise networks.
That 100 private sector firms were breached in the attack paints a different picture to what was known in December, when Microsoft and FireEye, that were both breached, disclosed the attack.
At that stage there were eight federal agencies confirmed to have been breached, including the US Treasury Department, the Department of Homeland Security, the US Department of State, the US Department of Energy, and the National Nuclear Security Administration.
However, back then Microsoft and FireEye were the two most significant private sector companies known to have been compromised by the tainted Orion update ..
Support the originator by clicking the read the rest link below.
