
The SolarWinds hackers only gained access to the U.S. Treasury Department’s unclassified systems and were unable to displace “large amounts of information,” said Secretary of the Treasury Steve Mnuchin.
“At this point, we do not see any break-in into our classified systems,” Mnuchin said on CNBC Monday morning. “Our unclassified systems did have some access. I will say the good is there’s been no damage, nor have we seen any large amounts of information displaced.”
The Treasury Department is working with the National Security Council (NSC) and the intelligence agencies and is “completely on top on this,” according to Mnuchin. Mnuchin said the Treasury breach was the result of “some third party software,” which others in the federal government and private sector have identified as being the SolarWinds Orion network monitoring platform.
The Washington Post first reported Dec. 13 that the U.S. Treasury and the U.S. Commerce Departments were breached through SolarWinds as part of a campaign orchestrated by the Russian foreign intelligence service, also known as APT29 or Cozy Bear. Since then, Reuters has reported that the U.S. Departments of Defense, State, Energy and Homeland Security were also breached.
Secretary of State Mike Pompeo Friday became the first Trump administration official to blame Russia for injecting malicious code into updates of SolarWinds Orion, telling conservative talk radio host Mark Levin that “we can say pretty clearly that it was the Russians that engaged in this activity.”
A day later, President Donald Trump contradicted his top diplomat, tweeting out, “Russia, Russia, Russia is the priority chant when anything happens because Lamestream [Media] is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).”
No cybersecurity vendors have formally attributed the months-long campaign to Russia yet, though Microsoft President Brad Smith noted Thursday that the malicious SolarWinds Orion updates reached organizations in “many major national capitals outside Russia.” Outside of Trump, no administration officials, news organizations or cybersecurity vendors have said that China could be behind the effort.
FireEye put the Russia hacking campaign in the public consciousness Dec. 8 when the company disclosed that it was breached in an attack designed to gain information on some of the threat intelligence vendor’s government customers. The attacker was able to access some of FireEye’s internal systems but apparently didn’t exfiltrate data from the company’s primary systems that store customer information.
Then on Thursday, Reuters reported that Microsoft was compromised via SolarWinds, with suspected Russian hackers using Microsoft’s own products to further the attacks on other victims. Microsoft told CRN Thursday that Reuters’ sources are “misinformed or misinterpreting their information,” but acknowledged the software giant had “detected malicious SolarWinds binaries” in its environment.
On Friday afternoon, KrebsOnSecurity reported that a VMware vulnerability allowing federated authentication abuse and access to protected data was used by the SolarWinds hackers to attack high-value targets. VMware told CRN Friday that it had received no notification or indication that this vulnerability “was used in conjunction with the SolarWinds supply chain compromise.”
A couple of hours later, Bloomberg reported that internal machines used by Cisco researchers were targeted via SolarWinds, with roughly two dozen computers in a Cisco lab compromised through malicious Orion updates. The San Jose, Calif.-based networking giant told CRN its security team moved quickly to address the issue, and that there isn’t currently any known impact to Cisco offers or products.