Hackers Attack Hi-Tech: FireEye and Microsoft Are Breached

The news of the massive SolarWinds attacks broke on December 13th, and since then the topic has been discussed, with mixed conclusions, by cyber security experts everywhere. New threats and details continue to surface, and we are still far from knowing the full scope of the attacks.

Supply chain attacks aren't new to the cyber security world, and cyber security professionals at MBS Tech regularly help organizations prevent, assess, and reduce these threats. There are many notorious, widely known examples, such as Target (a large US retailer) in 2014, Equifax (a leading global data, analytics, and technology company) in 2017, British Airways in 2018, SolarWinds in 2020, and most recently Microsoft Exchange Server in 2021. But the SolarWinds attacks were the first to show how fast such campaigns can grow, how far they can spread, and how unpredictable the losses are. This campaign affected organizations with robust cyber security programs, such as Microsoft and FireEye, as well as federal departments, and it hasn't finished yet.

FireEye and Microsoft Breached by and Investigating the SolarWinds Hack

A large supply chain attack compromising the data of thousands of organizations and critical government structures in the USA and around the world was revealed in December 2020. FireEye, a security company, found that it had been breached, uncovered the global campaign, and was the first to report it. The actor and the campaign are known as UNC2452 (FireEye's term) or Nobelium (Microsoft's term; previously called Solarigate).

Hackers, suspected to be Russian, attacked SolarWinds, one of the USA's leading IT management and security companies. The malicious actors trojanized software updates for SolarWinds Orion, an IT management and monitoring platform, with the malware that FireEye's experts named Sunburst. About 18,000 SolarWinds clients downloaded the infected version of the platform. Among those clients were Fortune 500 companies and critical US government institutions.

SolarWinds Follow-on Attacks - FireEye and Microsoft Reveal More Malware

FireEye and Microsoft researchers have recently unmasked a new malware family (Sunshuttle/GoldMax), believed to be a second-stage backdoor. Additionally, Microsoft discovered two more malware families, Sibot and GoldFinder.

Attack on Microsoft Corporation

Only months after the SolarWinds attacks, another attack on hi-tech followed, huge in scope and number of victims and spreading with incredible speed. Malicious actors, suspected to be a Chinese hacking group, broke into private and federal networks through Microsoft Exchange Server. Their victims include small and medium-sized businesses, banks, electricity providers, local government agencies, and others.

Potential for Mandatory Reporting of Cyber Attacks Discussed in the US Senate

Now that severe global threats are arriving so quickly, governments will do everything they can to assess and address the impact of the attacks. The SolarWinds supply chain attack amplified existing concerns about the importance of data breach reporting by private organizations. FireEye discovered the attack because its own systems had been breached, but disclosing it was FireEye's own responsible initiative, not an obligation. Today organizations aren't required to report or notify anyone about data breaches, as there is no federal law mandating it. The SolarWinds supply chain attacks showed that data breach disclosure can be vital for national security. Were it not for FireEye's report, the scope and losses of this still unfinished global intrusion campaign could have been far worse, and nobody can know when, or whether, it would have been discovered.

Prioritize Cyber Security

The recent breaches at FireEye and Microsoft showed that cyber security is vital for all organizations, for national institutions, and for the whole world. Countries' leaders and governments need to take care of national security and consider how to reduce the risks. Citizens and private organizations must raise their cyber security awareness and adopt effective cyber security practices, because our safe and decent future is at stake. In this way, you take some of the load off cyber security professionals' shoulders and let them concentrate on the critical issues ahead.


