2020年美國聯邦政府數據泄露事件
2020年美國聯邦政府數據泄露事件是指在2020年,一個由他國政府支援的組織發動了一場大規模網絡攻擊。[1][27][28]全球包括美國各級政府部門、北約、英國政府、歐洲議會、微軟等至少200個政府單位、組織或公司受到影響,其中一些組織的數據可能也遭到了泄露。[29][30]由於此次網絡攻擊和數據泄露事件持續時間久,目標知名度高、敏感性強,多家媒體將其列為美國遭受過的最嚴重的網絡安全事件。
日期 | |
---|---|
持續時間 | 至少8個月[11] 或9個月 |
地點 | 美國、英國、西班牙、以色列、阿聯酋、加拿大、墨西哥等[12] |
類型 | 網絡攻擊, 數據泄露 |
主題 | 惡意軟件, 軟件後門, 進階持續性威脅, 間諜 |
起因 | |
首個報道者 | |
疑犯 |
此次攻擊在2020年12月13日首次公開報道前已經持續數月,最初披露的報告列明的受影響組織僅包括美國財政部和美國商務部下屬的國家電信和資訊管理局(NTIA)。隨後,更多單位發現其數據遭到泄露。[24][25][1][5][29]
此次網絡攻擊事件最晚開始於2020年3月[31][10],期間,攻擊者至少利用了微軟、SolarWinds和VMware三家企業的軟件或憑證。[32][20]攻擊者通過對微軟雲服務實施供應鏈攻擊獲得入侵微軟雲服務客戶的能力[15][16][17]。SolarWinds作為微軟雲客戶之一遭到入侵,隨後其存在嚴重安全缺陷的軟件發佈基礎設施遭到控制,其廣泛應用於美國政府和工業部門的Orion軟件被攻擊者植入後門。入侵者利用植入Orion的後門成功竊取大量機密資訊。[33]此外,微軟和VMware產品中的缺陷允許攻擊者非法訪問電子郵件等文件或通過單一登入完成統一身份認證。[22][23][13][14][34][35]
除了數據被盜外,這次攻擊還給成千上萬的SolarWinds客戶帶來了巨大的麻煩。為防不測,他們不得不關閉系統、檢查組織是否被入侵並開始為期數月的污染清除工作。[36][37]美國參議員迪克·德賓稱此次網絡攻擊「相當於一次宣戰的攻擊」。[38][4]襲擊被發現後,時任美國總統當勞·特朗普沉默了幾天,推文稱「假媒體總是優先質疑網絡攻擊來自俄羅斯,卻不敢討論網攻可能來自中國。」有媒體解讀川普暗示中國(而不是俄羅斯)具有嫌疑,並表示「一切都在掌控之中」。[39][40]《路透社》2021年2月報導,5名知情人士透露,美國聯邦調查局調查員發現,來自中國的黑客,利用SolarWinds軟件漏洞侵入美國政府電腦,黑客所用的電腦系統和入侵工具,與由政權支援的中國網絡間諜所部署的一樣。[41]
背景
此次事件在當勞·特朗普總統任期的最後一年中持續了8到9個月。由於特朗普在2018年取消了網絡安全協調員這一職位,在攻擊發生時白宮沒有相關專業人才。[42][43]2020年12月13日,當此次攻擊事件被曝光,負責協調此類事故應對的網絡安全和基礎設施安全域(CISA)也缺少一名通過參議院確認程式的局長[44]——2020年11月18日,這一美國國家網絡安全機構的最高官員克里斯·克雷布斯被特朗普解僱。[45][46][47]與此同時,CISA的上級機構美國國土安全部(DHS)也缺少通過參議員確認程式的部長、副部長、總顧問、主管情報和分析的次長和負責管理的次長;與此同時,特朗普仍在逼迫CISA的副部長下台。[48][49][50]此外,美國政府問責署和其他機構提出的許多聯邦網絡安全建議也沒有得到實施。[51]
SolarWinds是一家總部位於德克薩斯州的美國政府網絡監控服務承包商,在此次攻擊之前其產品就已經曝出一些安全缺陷。[52]SolarWinds組織結構中沒有設置首席資訊保安官或網絡安全進階主管。[4][53]早在2017年就有犯罪分子有償提供SolarWinds基礎設施的訪問渠道。SolarWinds甚至建議用戶在安裝SolarWinds軟件之前禁用反病毒軟件。2019年11月,一名安全研究人員警告SolarWinds,稱他們的FTP伺服器「任何黑客都可能上載惡意內容並將這些內容傳送給SolarWinds的客戶「。[54][55][56] 由於SolarWinds的Microsoft Office 365帳戶已經被入侵,黑客可以訪問其電子郵箱,甚至可能可以訪問一些檔案。[57][58]
2020年12月7日,也就是公開確認SolarWinds產品被用於大規模網絡攻擊的前幾天,SolarWinds的前行政總裁凱文·湯普森退休。[59][60]當天,與該公司董事會有聯絡的兩家私募股權公司拋售大量該公司股票。然而,被問及時這些公司否認進行內幕交易。[61]
攻擊方法
微軟漏洞利用
攻擊者利用了微軟產品、服務和軟件分銷基礎設施中的缺陷。[22][14][9][17]
至少有一家微軟雲服務分銷商被攻擊者入侵,這構成了一種供應鏈攻擊,使得攻擊者能夠訪問被入侵分銷商客戶使用的雲服務。[15][16][17]
除此之外,「Zerologon」漏洞(微軟認證協定NetLogon中的一個漏洞)允許攻擊者取得被入侵的微軟網絡中的所有用戶名和密碼。[22][23]這使得他們可以取得其他憑證來取得網絡上其他合法用戶的權限,幫助他們入侵Microsoft Office 365服務中的電子郵箱。
此外,微軟Outlook網頁應用的一個缺陷可能允許攻擊者繞過多重身份驗證。[13][14][64]
此次事件中的攻擊者入侵了Microsoft Office 365,他們在長達幾個月的時間裏監控了美國國家電信資訊局(NTIA)和美國財政部工作人員的內部電子郵件。[9][45]他們的攻擊顯然使用了某種偽造的身份標記來繞過微軟的認證系統。[65][66]單一登入功能的存在則增加了攻擊的可行性。[35]
SolarWinds漏洞利用
攻擊者也對SolarWinds使用了供應鏈攻擊。[67]攻擊者可能通過已控制的SolarWindsde的Office 365帳戶控制了其公司的軟件構建系統。[68][52][57][58]
2019年9月之前攻擊者已經控制了SolarWinds的軟件發佈基礎設施。[69][70]在構建系統中,攻擊者修改了SolarWinds提供給網絡監控軟件Orion用戶的軟件更新。[71][72] 首次已知非法修改作為攻擊者的概念驗證(PoF)發生於2019年10月,這意味着他們已經取得了整個基礎設施網絡的控制權。
2020年3月,攻擊者開始在Orion更新中植入用於攻擊目標的遠端訪問工具。[33][73][74][75][9][76] 當用戶安裝更新,惡意程式將隨之安裝至受害者的系統。在休眠12-14天後該程式將開始嘗試連接並加入攻擊者的殭屍網絡。[77][78][79][80]成功加入網絡後,攻擊者將獲得對該系統的控制後門[81]。攻擊者巧妙地將惡意程式流量偽裝成合法Solarwinds流量來掩蓋其意圖。[68][82]根據CDN服務商統計,起初幾周訪問攻擊者殭屍網絡的流量主要來自北美,隨後拓展到南美、歐洲和亞洲。[83]
攻擊者似乎只使用了高價值目標系統的後門程式,[77]一旦進入目標網絡,攻擊者就會安裝Cobalt strike等工具來提升權限。[84][82][68][1]由於Orion作為一個可信的第三方應用程式連接到客戶的Office 365帳戶,攻擊者可以獲得訪問電子郵件和其他機密檔案的權限。[85]這種權限使得他們能夠在系統中尋找有效的SAML證書,並使用這些證書偽裝成合法用戶,使用其他本地或線上服務並加密轉移他們感興趣的數據。[86]一旦竊取到合法身份,關閉Orion便不再能夠切斷攻擊者對目標的訪問。[5][87][88][67]
攻擊者的殭屍網絡控制器寄存在亞馬遜、微軟、GoDaddy等美國公司的商業雲服務上。[89]由於惡意軟件是全新開發,且攻擊流量來自美國本土,攻擊者成功繞過DHS的國家網絡安全系統Einstein。[79][4][90]
聯邦調查局(FBI)的調查人員還發現,SolarWinds產品中的其他漏洞被另一組黑客利用,入侵了美國政府的電腦系統。[91]
VMware漏洞利用
此次事件中的攻擊者還利用了VMware Access和VMware身份管理器的漏洞。這些漏洞能幫助入侵者持久化入侵成果。[20][21]截至2020年12月18日,雖然已經確定SUNBURST木馬足夠幫助入侵者利用VMware的漏洞,但是攻擊者是否使用過該漏洞仍舊不明。
發現
微軟漏洞
在2019年和2020年期間,網絡安全公司Volexity發現一匿名智庫的微軟產品存在漏洞並遭到入侵者利用。[92][93][13]攻擊者使用獨特的方法利用了該組織Exchange控制面板中的一個漏洞繞過了多重身份驗證。2020年6月至7月,Volexity發現SolarWinds Orion漏洞植入了木馬。即:微軟漏洞(攻擊入口)和SolarWinds供應鏈攻擊(攻擊目標)可以被入侵者結合,用來實現目的。Volexity表示他們無法確認攻擊者的身份。
同樣在2020年,微軟發現有攻擊者試圖使用微軟Azure基礎設施非法訪問CrowdStrike的電子郵箱。由於CrowdStrike出於安全考慮不使用Office365處理郵件,這次攻擊失敗了。[94]
另外,在2020年10月前後,微軟威脅情報中心報告稱,一個明顯受到他國協助的攻擊者利用微軟NetLogon協定中的「ZeroLogon」漏洞進行攻擊。[22][23]2020年10月22日,CISA收到報告並向各州、地方、區縣政府發出警告,要求他們尋找自身網絡是否有遭到入侵的跡象,並指示他們如果受到威脅就重建網絡。[95]2020年12月,VirusTotal和The Intercept接連發現德州奧斯汀市政府遭到入侵跡象。
SolarWinds漏洞利用
2020年12月8日,網絡安全公司火眼(FireEye)稱其使用的紅方工具被它國政府支援的黑客組織竊取,其懷疑對象是俄羅斯對外情報局(SVR)。[96][97][98][26][99]火眼公司表示,在調查其自身遭到的入侵和工具盜竊案過程中,他們意外發現了SolarWinds供應鏈攻擊。[100][101]
FireEye在發現入侵行為後將其報告給負責美國網絡安全防護的美國國家安全域(NSA)。[1]在接獲火眼報告前,NSA對入侵毫不知情,而NSA也是SolarWinds的客戶。
幾天後,也就是12月13日,財政部和商務部遭入侵被公開,訊息人士稱這與火眼系統遭到入侵相關。[9][26]12月15日,火眼公司證實,攻擊財政部等部門與火眼的媒介均為植入SolarWinds Orion軟件升級的木馬程式。[54][102]
安全部門把注意力轉移到了Orion軟件升級上。發現被感染的版本是發佈於2020年3月至2020年6月間發佈的2019.4至2020.2.1HF1。[73][84]火眼將這款惡意軟件命名為SUNBURST。[18][19]微軟稱之為Solorigate。[52]攻擊者用來插入SUNBURST到Orion更新的工具後來被網絡安全公司CrowdStrike分離,他們稱之為SUNSPOT。[69][103][72]
DomainTools和ReversingLabs分別使用DNS數據和Orion二進制逆向工程進行了後續分析,為公眾揭示了攻擊的更多細節。
VMware漏洞利用
在2020年12月3日之前的一段時間,NSA發現並通知VMware其產品VMware Access和VMware身份管理器中存在漏洞。[20]後者2020年12月3日發佈了修補程式。2020年12月7日,NSA宣稱由於俄羅斯政府支援的攻擊者正在積極利用這些漏洞,用戶應當及時安裝修補程式。[104]
責任
調查結論
SolarWinds認為是外國勢力向Orion插入了惡意軟件。[10]俄羅斯支援的黑客組織被懷疑是幕後黑手。[105][9][24]美國官員表示,具體來講責任方可能是SVR或Cozy Bear(也稱為APT29)。[26][25]FireEye將攻擊者命名為UNC2452;事故應對公司Volexity稱他們為「暗暈(Dark Halo)」。[68][13][93]2020年12月23日,FireEye行政總裁表示,俄羅斯是最有可能的罪魁禍首,這些攻擊的手法與SVR慣用方法「非常相似」。[106]
2021年1月,網絡安全公司卡巴斯基實驗室稱SUNBURST類似於Kazuar。據信,與愛沙尼亞情報部門有關聯的APT團體Turla創造了Kazuar,而愛沙尼亞情報部門與俄羅斯聯邦安全域有聯絡。[107][103][108][109][110]
FBI的調查人員發現,疑似來自中國的黑客利用SolarWinds產品中的漏洞入侵美國政府機構(如農業部下轄國家財務中心)的電腦,可能危及數千名政府僱員的數據。黑客利用Orion代碼中的另一個漏洞幫助他們控制受害者的系統,因此這次入侵被認為獨立於前述攻擊行動。美國前聯邦首席資訊保安官格雷戈里·圖希爾(Gregory Touhill)將兩個黑客團體先後瞄準同一軟件的事實,比作自行車比賽中的「破風」行為。[111][91]
美國政府
2020年10月22日,CISA和FBI確認微軟ZeroLogin攻擊者為外國政府支援的APT組織Berserk Bear,它被認為是俄羅斯聯邦安全域的一部分。[22]
12月18日,時任美國國務卿邁克·彭佩奧說,俄羅斯「顯然」對這次網絡攻擊負有責任。[112][113][114]
12月19日,時任美國總統當勞·特朗普首次公開發表聲明,暗示可能是中國而不是俄羅斯對此負責,但沒有證據。[39][115][114][40]同一天,參議院情報委員會(Senate Intelligence Committee)代理主席、共和黨參議員馬爾科·盧比奧表示:「越來越清楚的是,俄羅斯情報部門對我國實施了歷史上最嚴重的網絡入侵」[30][116]
12月20日,民主黨參議員馬克·沃納在接受情報官員的簡報時說:「所有跡象都指向俄羅斯。」[117]
2020年12月21日,司法部長威廉·巴爾表示,他同意彭佩奧認定的網絡黑客來源,並且稱「肯定是俄羅斯人」,這與特朗普的說法相矛盾。[118][119][120]
2021年1月5日,CISA、FBI、NSA和美國國家情報總監辦公室聲稱,他們認為俄羅斯是最有可能的罪魁禍首。[121][122][123]
他國政府表態
俄羅斯否認與此事有關。[124]
2020年12月21日,中國外交部新聞發言人汪文斌答法新社記者問時表示:「美方在網絡攻擊問題上的有關指責是不嚴肅的,而且自相矛盾。美方對中方的相關指責是出於政治目的,意在抹黑栽贓中國。中方對此表示堅決反對。長期以來,美國把網絡安全問題政治化,在沒有確鑿證據的情況下,不斷散佈虛假資訊,向中國潑髒水,企圖損毀中國形象,誤導國際社會。這樣的言行與美方的國際地位完全不符。希望美方在網絡安全問題上能採取更加負責任的態度。」[125]
影響
美國財政部和商務部發現的這些漏洞立即引發了人們對其他部門亦被入侵的擔憂。[65][24]進一步的調查證明這些擔憂是有根據的。[1]不久,又有其他聯邦部門被發現遭到入侵。[126][6]
SolarWinds表示,在其30萬客戶中,有33,000客戶使用Orion。[1]其中,大約有18000名用戶安裝了被安插後門的版本。[5][127]
美國疾病控制和預防中心、司法部和一些公用事業公司已經下載安裝具有後門的版本。[1]其他SolarWinds的知名客戶包括洛斯阿拉莫斯國家實驗室、波音和大多數財富500強企業,但它們是否使用Orion尚不明確。[128]據報道,SolarWinds的海外客戶包括英國內政部、國民保健署和英國訊號情報處;北大西洋公約組織(NATO) ;歐洲議會;可能還有阿斯利康公司。[5][29]FireEye表示,北美、歐洲、亞洲和中東地區更多的政府、諮詢、技術、電信和採掘實體也可能受到影響。
僅僅安裝有後門的Orion並不一定足以導致數據泄露。[1][129]數據泄露調查因以下因素而變得複雜:
- 攻擊者可能移除了入侵留下的證據,使調查人員無法得知組織的數據是否泄露;
- 由於組織主幹網絡可能遭到入侵,相關組織可能啟用了安全的備用網絡並封鎖主幹網絡的數據,阻止了攻擊者竊取數據;
- Orion本身就是一個網絡監控工具,沒有這個工具,用戶對其網絡的控制能力會降低,因而無法感知入侵者的存在。[62][67]
截至2020年12月中旬,美國仍在追查數據泄露事件中被盜的數據並確定這些數據可能的用途。[9][130]評論人士表示,襲擊中竊取的資訊將在未來幾年增加犯罪者的影響力。[57][131][80]這些數據可能的用途包括攻擊像CIA和NSA這樣的硬目標,或者通過勒索招募間諜。[4][132]網絡衝突專家、柏林洪堡大學教授托馬斯·里德說:「被盜數據將有無數的用途」,他補充道:「所採集的數據量很可能是《月光迷宮》中的數據量的許多倍,如果把數據列印出來堆到一起,會比華盛頓紀念碑高得多。」
即使在沒有發生數據泄露的地方,此次事件影響也是顯著的。[37]CISA建議在重建前,將所有暴露在被入侵網絡中的裝置從可信來源列表中除去;而所有暴露在SolarWinds軟件中的憑證都應被視為受到破壞並重設。[133]安全公司還建議搜尋紀錄檔檔案,找出具體的危害。[134][135][136]
然而,攻擊者似乎刪除或篡改了紀錄檔記錄,並可能修改了網絡或系統設置。[62][137]前國土安全部顧問托馬斯·P·博塞特警告說,完全消除攻擊者給美國帶來的影響可能需要數年時間,使他們能夠在此期間繼續監視、摧毀或篡改數據。[36]哈佛大學的布魯斯·施耐爾和紐約大學學者、空軍網絡學院的創始院長潘諾認為受影響的網絡可能需要被整體更換。[138][139]
通過盜竊軟件金鑰,俄羅斯黑客能夠進入美國財政部最進階別官員使用的電子郵件系統。由於財政部在做出影響市場、經濟制裁等決定以及與美聯儲的互動中扮演着重要角色,儘管這個系統雖然並不機密性,但卻是高度敏感的。[120]
遭受數據泄露影響的實體清單
美國聯邦政府
政府機構類型 | 機構名稱 | 受影響部分 | 泄露數據 | 訊息源 |
---|---|---|---|---|
行政 | 農業部 | 國家財政中心 | [6][140][86][141][142][91] | |
商務部 | 國家電信資訊局 | [1][143][78][80][144][145][146] | ||
國防部 | 五角大樓部分網絡系統 | |||
能源部 | 國家核安全管理局 | [3][147][148][149][150][151][152] | ||
衛生及公共服務部 | 國家衛生院 | |||
國土安全部 | 網絡安全和基礎設施安全域 | [153][154] | ||
司法部 | ~3000寄存於Microsoft Office 365伺服器的電子郵箱帳戶 | [155][7][156][157][158][159] | ||
勞工部 | 勞工統計局 | [2] | ||
國務院 | ||||
財政部 | [160][161][162][35] | |||
司法 | 美國法院行政辦公室 | 案件管理與電子檔案系統(CM/ECF) | 包含密封檔案在內的庭審記錄 | [163][164][165][166][167][168][169][170][171] |
美國地方政府
州 | 受影響地區 | 訊息源 |
---|---|---|
亞利桑那 | 皮馬縣 | [172][173] |
加利福尼亞 | 加州州立醫院 | |
俄亥俄 | 肯特州立大學 | [174] |
德克薩斯 | 奧斯汀 | [22] |
私有組織
組織名稱 | 泄露數據內容 | 訊息源 |
---|---|---|
貝爾金 | [174] | |
思科系統 | [175][176][162][173] | |
考克斯通訊 | [172][177] | |
Equifax | ||
Fidelis Care | ||
火眼安全實驗室 |
|
[143][160][78][144] |
Malwarebytes Anti-Malware | ||
微軟 |
|
[32][149][178][179][180][181][182][3][183][184][185][145][146][154][186][187][188][189][190][191][192] |
Mimecast |
|
[193][194][195][196][197][198] |
輝達 | ||
派拓網絡 | [199] | |
勒瑞萊斯聖雅克科利斯 | ||
SolarWinds |
|
|
匿名智庫 | [13][129][93][14][64][123] | |
VMware |
對調查的回應
高新技術企業的回應
2020年12月8日,在其他組織被攻破之前,FireEye公佈了針對紅隊工具被盜的對策。[99][200]
2020年12月15日,微軟宣佈SUNBURST只影響使用Windows的電腦,從12月16日起相關惡意軟件已加入到微軟的資料庫中,Microsoft Denfender將能夠檢測並隔離SUNBURST。[201][144]
GoDaddy將攻擊中使用的殭屍網絡控制器的所有權交給了微軟,使微軟能夠啟用SUNBURST的自毀程式,並協助尋找受害者。
2020年12月14日,幾家美國公用事業公司的行政總裁召開會議,討論這些攻擊給電網帶來的風險。[1]2020年12月22日,美國北美電力可靠度協會要求電力公司報告他們接觸太陽風軟件的程度。[202]
在黑客攻擊後SolarWinds並未公佈受影響客戶列表,且根據網絡安全公司GreyNoise Intelligence訊息,截至12月15日,SolarWinds仍然沒有從其發佈伺服器上刪除受感染的軟件更新。[203][54][57][204]
2021年1月5日左右,SolarWinds的投資者以該公司產品缺乏安全性導致股票價格下跌為由對該公司提起集體訴訟。[205][206]不久之後,SolarWinds僱傭了前CISA部長開設的一家新的網絡安全公司。[207]
Linux基金會指出,如果Orion是開源的,用戶就能夠自行審查該軟件及其流通版本,提高惡意軟件被發現的概率。[208]
美國政府表態
2020年12月18日,時任國務卿彭佩奧表示,此次事件的一些細節將會保密。[71]
美國國家安全機構表態
2020年12月12日,美國國家安全委員會(NSC)為討論事件對聯邦組織的破壞在白宮召開會議。[9]2020年12月13日,CISA向聯邦機構發佈緊急指令,要求機構即使降低其對自身網絡的監控能力,也要關閉SolarWinds軟件來減少被入侵的風險。[1][133]
2020年12月14日,美國商務部證實其已經要求CISA和FBI就被入侵一事進行調查。[9][26][209]NSC啟動了奧巴馬時代的總統政策指令41,並召集了網絡反應小組。[210][42]美國網絡司令部威脅稱,調查結果出爐後,美國會迅速報復攻擊者。[211]
聯邦能源管理委員會(FERC)幫助彌補了CISA的人員短缺。[147][67][148]FBI、CISA和國家情報總監辦公室(ODNI)成立了一個網絡統一協調小組(UCG)來協調他們的努力。[212]
2020年12月24日,CISA表示,除了聯邦機構和已曝出的私人組織,一些州和地方政府網絡也受到了襲擊的影響,但沒有提供更多細節。[213]
美國國會表態
參議院軍事委員會的網絡安全小組委員會聽取了國防部官員的簡報。[88]眾議院國土安全委員會和眾議院監督和改革委員會啟動了一項調查。[32]參議院情報委員會代理主席馬爾科·盧比奧說,在確定肇事者的身份之後美國必須進行報復。[214]該委員會副主席馬克·華納(Mark Warner)批評特朗普總統沒有正面回應這起黑客事件。[215]
參議員羅恩·懷登呼籲對聯邦機構使用的軟件進行強制性安全審查。[143][141]
2020年12月22日,在美國財政部長史蒂文·努欽(Steven Mnuchin)告訴記者,他「完全了解這件事」之後,微軟向參議院財政委員會(Senate Finance Committee)通報稱黑客侵入了財政部進階官員辦公的財政部部門辦公室(department office)的系統,數十個財政部電子郵件帳戶被黑客竊取控制。[35][120]參議員威登表示,簡報顯示財政部「仍不清楚黑客的所有行動,或者確切地說,哪些財政部資訊被盜」。
2020年12月23日,參議員鮑勃·梅內德斯要求國務院公佈數據泄露情況,參議員理查德·布盧門撒爾也向退伍軍人管理局提出了同樣的要求。[216][217]
美國司法機構表態
美國法院行政辦公室與國土安全部一起對美國司法機構的案件管理/電子案件檔案系統(CM/ECF)進行了評估。[163][170]CM/ECF將停止線上接收高敏法院檔案,這些檔案只能以紙質材料形式或通過設有網閘的裝置歸檔。[165][166][167]
時任總統特朗普表態
事件曝光後,當勞·特朗普總統幾天沒有對此事發表評論。參議員米特·羅姆尼譴責稱特朗普「沉默且不作為」。[218]12月19日,特朗普首次公開談論了這些攻擊:他淡化了這次黑客攻擊,認為媒體誇大了事件的嚴重性,稱「一切都在控制之中」。特朗普在沒有證據的情況下提出可能是中國而不是俄羅斯應對這次攻擊負責。[115][114][112][219][220]
《路透社》2021年2月2日報導,5名知情人士透露,美國聯邦調查局FBI調查員發現,來自中國的黑客,利用SolarWinds太陽風的軟件漏洞,侵入美國政府電腦,導致數千名政府雇員資料可能外洩;黑客所用的電腦系統和入侵工具,與由政權支援的中國網絡間諜所部署的一樣。[41]
《紐約時報》報導稱,川普在沒有證據的情況下推測稱,這次攻擊可能還涉及對投票機的「攻擊」。特朗普的說法遭到了CISA前主管克里斯·克雷布斯的反駁,他指出特朗普的說法是不可能的。[1][221]曾主導通俄門案的民主黨籍眾議院情報委員會(House Intelligence Committee)主席亞當·希夫(Adam Schiff)稱特朗普的言論是「對我們國家安全的可恥背叛」,「聽起來像是克里姆林宮給他寫的稿子」。[222]
前國土安全顧問托馬斯·博塞特評論特朗普言論稱:「特朗普總統即將拋棄遭受俄羅斯侵害的聯邦政府,或許還有大量主要行業。」他還指出,為了減輕攻擊造成的破壞,需要國會採取行動,包括通過《國防授權法案》採取行動。[223][36] The Verge政策編輯拉塞爾·布蘭多姆(Russell Brandom)稱美國對此次黑客攻擊準備不足,並批評特朗普一貫「將聯邦網絡安全工作視為一個更具黨派色彩的戰場,之所以對網絡安全感興趣是因為它們作為政治大棒的價值」。布蘭多姆寫道,「這不是管理世界上最強大的情報機構的方式。」[44]弗雷德·卡普蘭(Fred Kaplan)在《Slate》雜誌上撰文批評特朗普宣揚虛假的選舉欺詐指控,同時「忽視了真正的網絡安全危機」,他寫道:「儘管特朗普對那些虛構的黑客竊取了選舉結果大發牢騷,但他對國家真正的網絡安全明顯不感興趣。」[42] 《時尚先生》評論員查爾斯·皮爾斯批評特朗普政府「玩忽職守」,稱特朗普是「不老實、無能的混亂代理人」[224]
總統拜登表態
時任當選總統喬·拜登說:「一個好的防禦系統是不夠的,我們首先需要擾亂敵人的計劃,阻止敵人的網絡攻擊。 面對我們國家遭受的網絡攻擊,我不會袖手旁觀。」[225]拜登說,他已經指示過渡團隊研究此次攻擊事件,將把網絡安全作為(下一屆)各級政府的首要任務,並將找出、懲罰攻擊者。[63][3] 拜登即將上任的幕僚長羅恩·克萊因說,拜登政府對黑客行為的回應將不僅僅是制裁。[226]
2020年12月22日,拜登表示「沒有看到任何能表明局勢得到控制的證據」,並稱他的過渡團隊仍然無法從特朗普政府獲得此次襲擊的部分簡報。[227][228]
2021年1月,拜登任命了兩個安全相關的白宮職位:國土安全顧問伊利沙伯·舍伍德-蘭德爾(Elizabeth Sherwood-Randall)和負責網絡和新興技術的副國家安全顧問安妮·紐伯格(Anne Neuberger)。[229]
世界其他地區回應
北約表示「為確定和減輕我們網絡的任何潛在風險,北約正在評估形勢。」[29]12月18日,英國國家網絡安全中心表示他們仍在確定這些攻擊對英國的影響。[230]英國和愛爾蘭的網絡安全機構發佈了針對SolarWinds客戶的警報。[124]
2020年12月23日,英國國家私隱權機構「資訊專員辦公室」要求英國組織立即檢查他們是否受到了影響。[106][231]
2020年12月24日,加拿大網絡安全中心要求加拿大的SolarWinds Orion用戶檢查系統是否受到攻擊。[232][233]
事件定性:網絡戰爭行為還是網絡間諜行為?
這次攻擊引發了一場辯論:這次黑客攻擊應該被視為網絡間諜活動還是網絡戰爭行為?[234]
大多數現任和前任美國官員認為,2020年的此次黑客攻擊是「令人震驚的間諜行為」,但由於攻擊者沒有破壞或篡改行為,也沒有造成對基礎設施(如對電網、電信網絡等)的實際損害,所以不是網絡戰爭。[235]大西洋理事會、哥倫比亞薩爾茨曼研究所的埃里卡·博格哈德和胡佛協會、海軍戰爭學院的傑奎琳·施耐德認為,這次入侵是一種間諜行為,可以用「逮捕、外交或反間諜」來回應,而且尚未被證明是一次在法律上允許美國以武力回應的網絡戰爭行為。[236]法學教授傑克·戈德史密斯寫道,這次黑客攻擊是一次具有破壞性的網絡間諜行為,但「並不違反國際法或國際規範」,並寫道,「由於美國自身的做法,美國政府歷來承認外國政府在美國政府網絡中從事網絡間諜活動的合法性。」[237] 法學教授米高·施密特對此參照了《塔林手冊》的例子以表示贊同。[238]
相比之下,微軟總裁布拉德·史密斯將此次黑客攻擊稱為網絡戰爭,稱「即使是在數字時代,這也不是『像往常一樣的間諜活動』。因為它『不僅針對特定目標,而且是對全球關鍵網絡基礎設施可靠性的攻擊』」[235][239][240]美國參議員理查德·杜賓稱此次襲擊相當於一場宣戰。[38][4]
關於美國可能的報復行為的辯論
為《連線》雜誌撰稿的博格哈德和施耐德認為,美國「應該繼續建立並依靠戰略威懾來說服各國不要將其收集的網絡情報武器化」。他們還表示,由於威懾可能無法有效阻止威脅行為者的網絡間諜企圖,美國還應該通過加強網絡防禦、更好的資訊共用和「前沿防禦」(減少俄羅斯和中國的攻擊性網絡能力)等方法,降低網絡間諜活動的成功率。[236]
戈德史密斯在為《The Dispatch》撰寫的文章中寫道:防禦和威懾網絡入侵戰略的失敗,應該促使美國考慮採取「相互克制」戰略。「即美國減少在外國網絡中的某些(間諜)活動,來換取對手在美國網絡中的寬容。」[237]
網絡安全作家布魯斯·施奈爾反對報復或增強攻擊能力,他建議採取一種以防禦為主導的戰略,並建議簽署《網絡空間信任與安全巴黎倡議》或參與全球網絡空間穩定委員會(Global Commission on the Stability of Cyberspace)。[241]
為《紐約時報》撰文時,前中央情報局特工、哈佛大學貝爾弗科學與國際事務中心情報專案主任保羅·科爾貝(Paul Kolbe)贊同了施奈爾的呼籲,要求美國改進網絡防禦和國際協定。他還指出,美國也在參與針對其它國家的類似行動,他稱這是一場相互的網絡衝突。[242]
在《Slate》雜誌上,弗雷德·卡普蘭發表評論稱,自1967年以來,導致這種電腦網絡入侵的結構性問題已經為公眾所知,而且歷屆美國政府都未能實施相關專家反覆要求的結構性防禦措施。[243]他指出,對間諜活動的過激反應與美國利益相左,而加強防禦並明確應對網絡衝突政策將是更有成效的策略。[244]
另見
參考資料
- ^ 1.00 1.01 1.02 1.03 1.04 1.05 1.06 1.07 1.08 1.09 1.10 1.11 1.12 1.13 Sanger, David E.; Perlroth, Nicole; Schmitt, Eric. Scope of Russian Hack Becomes Clear: Multiple U.S. Agencies Were Hit. The New York Times. December 15, 2020 [December 15, 2020]. (原始內容存檔於December 18, 2020).
- ^ 2.0 2.1 Morath, Eric; Cambon, Sarah Chaney. SolarWinds Hack Leaves Market-Sensitive Labor Data Intact, Scalia Says. The Wall Street Journal. January 14, 2021 [2021-03-03]. (原始內容存檔於2021-06-07).
- ^ 3.0 3.1 3.2 3.3 Hackers Tied to Russia Hit Nuclear Agency; Microsoft Is Exposed. Bloomberg L.P. December 17, 2020 [December 17, 2020]. (原始內容存檔於December 18, 2020).
- ^ 4.0 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 Sanger, David E.; Perlroth, Nicole; Barnes, Julian E. Billions Spent on U.S. Defenses Failed to Detect Giant Russian Hack. The New York Times. December 16, 2020 [December 16, 2020]. (原始內容存檔於December 16, 2020).
- ^ 5.0 5.1 5.2 5.3 5.4 Stubbs, Jack; Satter, Raphael; Menn, Joseph. U.S. Homeland Security, thousands of businesses scramble after suspected Russian hack. Reuters. December 15, 2020 [December 15, 2020]. (原始內容存檔於December 15, 2020).
- ^ 6.0 6.1 6.2 Fung, Brian. Why the US government hack is literally keeping security experts awake at night. CNN. [December 18, 2020]. (原始內容存檔於December 17, 2020).
- ^ 7.0 7.1 Goodin, Dan. DoJ says SolarWinds hackers breached its Office 365 system and read email. Ars Technica. January 7, 2021 [2021-03-03]. (原始內容存檔於2021-02-07).
- ^ SolarWinds Likely Hacked at Least One Year Before Breach Discovery. SecurityWeek.com. [2021-03-03]. (原始內容存檔於2021-02-18).
- ^ 9.00 9.01 9.02 9.03 9.04 9.05 9.06 9.07 9.08 9.09 Bing, Christopher. Suspected Russian hackers spied on U.S. Treasury emails – sources. Reuters. December 14, 2020 [December 14, 2020]. (原始內容存檔於December 14, 2020).
- ^ 10.0 10.1 10.2 10.3 O'Brien, Matt. EXPLAINER: How bad is the hack that targeted US agencies?. Houston Chronicle. December 15, 2020 [December 15, 2020]. (原始內容存檔於December 14, 2020).
- ^ SolarWinds Orion: More US government agencies hacked. BBC. December 15, 2020 [December 16, 2020]. (原始內容存檔於December 16, 2020).
- ^ Cook, James. Microsoft warns UK companies were targeted by SolarWinds hackers. December 18, 2020 [2021-03-03]. (原始內容存檔於2021-04-19) –透過www.telegraph.co.uk.
- ^ 13.0 13.1 13.2 13.3 13.4 13.5 Group Behind SolarWinds Hack Bypassed MFA to Access Emails at US Think Tank. SecurityWeek.com. [December 17, 2020]. (原始內容存檔於December 16, 2020).
- ^ 14.0 14.1 14.2 14.3 14.4 Goodin, Dan. SolarWinds hackers have a clever way to bypass multi-factor authentication. Ars Technica. December 15, 2020 [December 17, 2020]. (原始內容存檔於December 16, 2020).
- ^ 15.0 15.1 15.2 Russian hackers compromised Microsoft cloud customers through third party, putting emails and other data at risk. www.msn.com. [2021-03-03]. (原始內容存檔於2021-04-17).
- ^ 16.0 16.1 16.2 Satter, Joseph Menn, Raphael. Suspected Russian hackers used Microsoft vendors to breach customers. December 24, 2020 [2021-03-03]. (原始內容存檔於2021-03-24).
- ^ 17.0 17.1 17.2 17.3 Perlroth, Nicole. Russians Are Believed to Have Used Microsoft Resellers in Cyberattacks. December 25, 2020 [2021-03-03]. (原始內容存檔於2021-05-31).
- ^ 18.0 18.1 Microsoft, FireEye confirm SolarWinds supply chain attack. ZDNet. December 14, 2020 [December 16, 2020]. (原始內容存檔於December 16, 2020).
- ^ 19.0 19.1 Sunburst Trojan – What You Need to Know. Deep Instinct. December 16, 2020 [December 17, 2020]. (原始內容存檔於December 18, 2020).
- ^ 20.0 20.1 20.2 20.3 20.4 VMware Flaw a Vector in SolarWinds Breach?. Krebs on Security. December 7, 2020 [December 18, 2020]. (原始內容存檔於2021-03-11).
- ^ 21.0 21.1 VMware Falls on Report Its Software Led to SolarWinds Breach. Bloomberg. December 18, 2020 [December 18, 2020]. (原始內容存檔於2021-03-26).
- ^ 22.0 22.1 22.2 22.3 22.4 22.5 22.6 22.7 22.8 Hvistendahl, Mara. Russian Hackers Have Been Inside Austin City Network for Months. The Intercept. December 17, 2020 [December 18, 2020]. (原始內容存檔於December 17, 2020).
- ^ 23.0 23.1 23.2 23.3 CISA orders agencies to quickly patch critical Netlogon bug. CyberScoop. September 21, 2020 [December 18, 2020]. (原始內容存檔於October 30, 2020).
- ^ 24.0 24.1 24.2 24.3 Bing, Christopher. REFILE-EXCLUSIVE-U.S. Treasury breached by hackers backed by foreign government – sources. Reuters. December 13, 2020 [December 14, 2020]. (原始內容存檔於December 14, 2020).
- ^ 25.0 25.1 25.2 25.3 25.4 Nakashima, Ellen. Russian government spies are behind a broad hacking campaign that has breached U.S. agencies and a top cyber firm. The Washington Post. December 13, 2020 [December 14, 2020]. (原始內容存檔於December 13, 2020).
- ^ 26.0 26.1 26.2 26.3 26.4 26.5 Federal government breached by Russian hackers who targeted FireEye. NBC News. [December 14, 2020]. (原始內容存檔於December 14, 2020).
- ^ US cyber-attack: Russia 'clearly' behind SolarWinds operation, says Pompeo. BBC. 2020-12-19 [2020-12-19]. (原始內容存檔於2021-05-27).
- ^ Washington, Georgi Kantchev in Moscow and Warren P. Strobel in. How Russia's 'Info Warrior' Hackers Let Kremlin Play Geopolitics on the Cheap. Wall Street Journal. 2021-01-02 [2021-01-05]. ISSN 0099-9660. (原始內容存檔於2021-01-08) (美國英語).
- ^ 29.0 29.1 29.2 29.3 U.K. Government, NATO Join U.S. in Monitoring Risk From Hack. Bloomberg L.P. December 14, 2020 [December 16, 2020]. (原始內容存檔於December 15, 2020).
- ^ 30.0 30.1 At Least 200 Victims Identified in Suspected Russian Hacking. December 19, 2020 [2021-03-03]. (原始內容存檔於2021-04-06).
- ^ Bing, Christopher. Suspected Russian hackers spied on U.S. Treasury emails – sources. Reuters. December 14, 2020 [December 14, 2020]. (原始內容存檔於December 14, 2020).
- ^ 32.0 32.1 32.2 Menn, Joseph. Microsoft says it found malicious software in its systems. Reuters. December 18, 2020 [December 17, 2020]. (原始內容存檔於December 18, 2020).
- ^ 33.0 33.1 Wolff, Josephine. What We Do and Don't Know About the Massive Federal Government Hack. Slate. December 16, 2020 [December 17, 2020]. (原始內容存檔於December 16, 2020).
- ^ Cimpanu, Catalin. NSA warns of federated login abuse for local-to-cloud attacks. Zero Day. Ziff-Davis. 2020-12-18 [2020-12-19]. (原始內容存檔於2021-02-09).
- ^ 35.0 35.1 35.2 35.3 Satter, Raphael. 'Dozens of email accounts' were hacked at U.S. Treasury -Senator Wyden. December 22, 2020 [2021-03-03]. (原始內容存檔於2020-12-28).
- ^ 36.0 36.1 36.2 It could take years to evict Russia from the US networks it hacked, leaving it free to destroy or tamper with data, ex-White House official warns. MSN. [2021-03-03]. (原始內容存檔於2022-01-10).
- ^ 37.0 37.1 Here are the critical responses required of all businesses after SolarWinds supply-chain hack. SC Media. December 15, 2020 [December 16, 2020]. (原始內容存檔於December 16, 2020).
- ^ 38.0 38.1 Gould, Joe. No. 2 Senate Democrat decries alleged Russian hack as 'virtual invasion'. Defense News. December 17, 2020 [2021-03-03]. (原始內容存檔於2021-01-31).
- ^ 39.0 39.1 Colvin, Jill. Trump downplays Russia in first comments on hacking campaign. Associated Press. 2020-12-19 [2020-12-20]. (原始內容存檔於2021-02-23).
- ^ 40.0 40.1 Stracqualursi, Veronica. Trump downplays massive cyber hack on government after Pompeo links attack to Russia. CNN. 19 December 2020 [19 December 2020]. (原始內容存檔於2021-05-13).
- ^ 41.0 41.1 Christopher Bing, Jack Stubbs, Raphael Satter, Joseph Menn. Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency – sources. 路透社REUTERS. 2021-02-02 [2021-03-03]. (原始內容存檔於2021-05-05).
- ^ 42.0 42.1 42.2 Kaplan, Fred. Trump Has Been Whining About Fake Fraud—and Ignoring a Real Cybersecurity Crisis. Slate. December 15, 2020 [December 16, 2020]. (原始內容存檔於December 16, 2020).
- ^ Perlroth, Nicole; Sanger, David E. White House Eliminates Cybersecurity Coordinator Role (Published 2018). The New York Times. May 16, 2018 [December 16, 2020]. (原始內容存檔於December 13, 2020).
- ^ 44.0 44.1 Brandom, Russell. Trump's chaos made America a sitting duck for cyberattacks. The Verge. December 14, 2020 [December 17, 2020]. (原始內容存檔於December 15, 2020).
- ^ 45.0 45.1 Russian government hackers behind breach at US treasury and commerce departments. The Independent. December 13, 2020 [December 14, 2020]. (原始內容存檔於December 13, 2020).
- ^ Nakashima, Ellen; Miroff, Nick. Trump fires top DHS official who refuted his claims that the election was rigged. The Washington Post. November 17, 2020 [November 18, 2020]. (原始內容存檔於November 18, 2020).
- ^ Bowden, John. Hackers backed by foreign government breach Treasury, Commerce departments: reports. The Hill. December 13, 2020 [December 15, 2020]. (原始內容存檔於December 15, 2020).
- ^ Cobb, Adrienne. Forensic News Roundup: Russia hacks U.S. government, Trump silent.. Forensic News. December 15, 2020 [December 17, 2020]. (原始內容存檔於December 18, 2020).
- ^ Leadership. Department of Homeland Security. September 7, 2006 [December 17, 2020]. (原始內容存檔於December 16, 2020).
- ^ Miller, Maggie. Senior DHS cybersecurity official to step down at end of week. The Hill. November 12, 2020 [December 17, 2020]. (原始內容存檔於November 28, 2020).
- ^ Sebenius, Alyza. SolarWinds Hack Followed Years of Warnings of Weak Cybersecurity. Bloomberg.com. 2021-01-13 [2021-01-13]. (原始內容存檔於2021-05-17).
- ^ 52.0 52.1 52.2 The SolarWinds Perfect Storm: Default Password, Access Sales and More. threatpost.com. [December 17, 2020]. (原始內容存檔於December 17, 2020).
- ^ SolarWinds Adviser Warned of Lax Security Years Before Hack. December 21, 2020 [December 22, 2020]. (原始內容存檔於2021-05-16).
- ^ 54.0 54.1 54.2 SolarWinds Hack Could Affect 18K Customers. Krebs on Security. [December 16, 2020]. (原始內容存檔於December 16, 2020).
- ^ Varghese, Sam. SolarWinds FTP credentials were leaking on GitHub in November 2019. itwire.com. [December 17, 2020]. (原始內容存檔於December 15, 2020).
- ^ Hackers used SolarWinds' dominance against it in sprawling spy campaign. Reuters. December 16, 2020 [December 16, 2020]. (原始內容存檔於December 17, 2020) (英語).
- ^ 57.0 57.1 57.2 57.3 McCarthy, Kieren. SolarWinds: Hey, only as many as 18,000 customers installed backdoored software linked to US govt hacks. The Register. [December 16, 2020]. (原始內容存檔於December 16, 2020).
- ^ 58.0 58.1 Claburn, Thomas. We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext'. The Register. [December 17, 2020]. (原始內容存檔於December 18, 2020).
- ^ Novet, Jordan. SolarWinds hack has shaved 23% from software company's stock this week. CNBC. December 16, 2020 [December 17, 2020]. (原始內容存檔於December 16, 2020).
- ^ McCarthy, Kieren. SolarWinds' shares drop 22 per cent. But what's this? $286m in stock sales just before hack announced?. The Register. [December 17, 2020]. (原始內容存檔於December 17, 2020).
- ^ SolarWinds falls under scrutiny after hack, stock sales. MarketWatch. Associated Press. [December 17, 2020]. (原始內容存檔於December 17, 2020).
- ^ 62.0 62.1 62.2 Menn, Joseph. Microsoft says it found malicious software in its systems. Reuters. December 18, 2020 [December 18, 2020]. (原始內容存檔於December 18, 2020).
- ^ 63.0 63.1 Sanger, David E.; Perlroth, Nicole. More Hacking Attacks Found as Officials Warn of 'Grave Risk' to U.S. Government. The New York Times. December 17, 2020 [December 17, 2020]. (原始內容存檔於December 17, 2020).
- ^ 64.0 64.1 How the SolarWinds Hackers Bypassed Duo's Multi-Factor Authentication – Schneier on Security. schneier.com. [December 17, 2020]. (原始內容存檔於December 17, 2020).
- ^ 65.0 65.1 US treasury hacked by foreign government group – report. The Guardian. December 13, 2020 [December 14, 2020]. (原始內容存檔於December 14, 2020).
- ^ Foreign government hacked into US Treasury Department's emails – reports. Sky News. [December 14, 2020]. (原始內容存檔於December 14, 2020).
- ^ 67.0 67.1 67.2 67.3 No One Knows How Deep Russia's Hacking Rampage Goes. Wired. [December 16, 2020]. (原始內容存檔於December 17, 2020).
- ^ 68.0 68.1 68.2 68.3 Goodin, Dan. ~18,000 organizations downloaded backdoor planted by Cozy Bear hackers. Ars Technica. December 14, 2020 [December 17, 2020]. (原始內容存檔於December 16, 2020).
- ^ 69.0 69.1 Cimpanu, Catalin. Third malware strain discovered in SolarWinds supply chain attack. ZDNet. 2021-01-12 [2021-01-13]. (原始內容存檔於2021-03-18).
- ^ Sebastian, Dave. SolarWinds Discloses Earlier Evidence of Hack. WSJ. 2021-01-12 [2021-01-13]. (原始內容存檔於2021-06-07).
- ^ 71.0 71.1 Sharwood, Simon. Trump administration says Russia behind SolarWinds hack. Trump himself begs to differ. The Register. [2021-03-03]. (原始內容存檔於2021-02-01).
- ^ 72.0 72.1 Corfield, Gareth. SolarWinds malware was sneaked out of the firm's Orion build environment 6 months before anyone realised it was there – report. The Register. 2021-01-12 [2021-01-13]. (原始內容存檔於2021-03-02).
- ^ 73.0 73.1 Cimpanu, Catalin. Microsoft to quarantine SolarWinds apps linked to recent hack. ZDNet. [December 16, 2020]. (原始內容存檔於December 17, 2020).
- ^ Lyons, Kim. Hackers backed by Russian government reportedly breached US government agencies. The Verge. December 13, 2020 [December 15, 2020]. (原始內容存檔於December 14, 2020).
- ^ CISA Issues Emergency Directive to Mitigate the Compromise of Solarwinds Orion Network Management Products. CISA. [December 15, 2020]. (原始內容存檔於December 15, 2020).
- ^ U.S. Government Agencies Hit by Hackers During Software Update. MSN. [December 14, 2020]. (原始內容存檔於December 18, 2020).
- ^ 77.0 77.1 Cimpanu, Catalin. Microsoft and industry partners seize key domain used in SolarWinds hack. ZDNet. [December 17, 2020]. (原始內容存檔於December 17, 2020).
- ^ 78.0 78.1 78.2 DHS Among Those Hit in Sophisticated Cyberattack by Foreign Adversaries – Report. threatpost.com. [December 17, 2020]. (原始內容存檔於December 16, 2020).
- ^ 79.0 79.1 Timberg, Craig; Nakashima, Ellen. Russians outsmart US government hacker detection system — but Moscow denies involvement. The Independent. December 16, 2020 [December 16, 2016]. (原始內容存檔於December 18, 2020).
- ^ 80.0 80.1 80.2 SolarWinds: Why the Sunburst hack is so serious. BBC. December 16, 2020 [December 18, 2020]. (原始內容存檔於December 16, 2020).
- ^ FireEye, Microsoft create kill switch for SolarWinds backdoor. BleepingComputer. [December 18, 2020]. (原始內容存檔於December 17, 2020).
- ^ 82.0 82.1 SolarWinds Orion and UNC2452 – Summary and Recommendations. TrustedSec. December 14, 2020 [December 17, 2020]. (原始內容存檔於December 15, 2020).
- ^ Trend data on the SolarWinds Orion compromise. The Cloudflare Blog. December 16, 2020 [December 16, 2020]. (原始內容存檔於December 16, 2020).
- ^ 84.0 84.1 After high profile hacks hit federal agencies, CISA demands drastic SolarWinds mitigation. SC Media. December 14, 2020 [December 17, 2020]. (原始內容存檔於December 15, 2020).
- ^ Mitigating Cloud Supply-chain Risk: Office 365 and Azure Exploited in Massive U.S Government Hack. CipherCloud. December 18, 2020 [December 18, 2020]. (原始內容存檔於December 18, 2020).
- ^ 86.0 86.1 Massive hack of US government launches search for answers as Russia named top suspect. ABC57. [December 17, 2020]. (原始內容存檔於December 18, 2020).
- ^ Dorfman, Zach. What we know about Russia's sprawling hack into federal agencies. Axios. [December 16, 2020]. (原始內容存檔於December 15, 2020).
- ^ 88.0 88.1 Schiff calls for 'urgent' work to defend nation in the wake of massive cyberattack. MSN. [December 17, 2020]. (原始內容存檔於December 17, 2020).
- ^ Unraveling Network Infrastructure Linked to the SolarWinds Hack. DomainTools. [December 17, 2020]. (原始內容存檔於December 17, 2020).
- ^ The U.S. government spent billions on a system for detecting hacks. The Russians outsmarted it.. The Seattle Times. [December 16, 2020]. (原始內容存檔於December 18, 2020).
- ^ 91.0 91.1 91.2 Menn, Christopher Bing, Jack Stubbs, Raphael Satter, Joseph. Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency – sources. Reuters. 2021-02-03 [2021-02-08]. (原始內容存檔於2021-05-05) (英語).
- ^ Dark Halo Leverages SolarWinds Compromise to Breach Organizations. Volexity. [2021-03-03]. (原始內容存檔於2021-05-31).
- ^ 93.0 93.1 93.2 Tarabay, Jamie. Hacking Spree by Suspected Russians Included U.S. Think Tank. Bloomberg L.P. December 15, 2020 [December 17, 2020]. (原始內容存檔於December 18, 2020).
- ^ Microsoft alerts CrowdStrike of hackers' attempted break-in. CyberScoop. December 24, 2020 [2021-03-03]. (原始內容存檔於2021-01-04).
- ^ Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets. CISA. [2021-03-03]. (原始內容存檔於2021-05-20).
- ^ Hackers backed by foreign government reportedly steal info from US Treasury. The Times of Israel. [December 14, 2020]. (原始內容存檔於December 14, 2020).
- ^ Sanger, David E.; Perlroth, Nicole. FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State. The New York Times. December 8, 2020 [December 15, 2020]. (原始內容存檔於December 15, 2020).
- ^ US cybersecurity firm FireEye says it was hacked by foreign government. The Guardian. December 9, 2020 [December 15, 2020]. (原始內容存檔於December 16, 2020).
- ^ 99.0 99.1 Russia's FireEye Hack Is a Statement—but Not a Catastrophe. Wired. [December 17, 2020]. (原始內容存檔於December 16, 2020).
- ^ Suspected Russia SolarWinds hack exposed after FireEye cybersecurity firm found "backdoor". Newsweek. December 15, 2020 [December 16, 2020]. (原始內容存檔於December 16, 2020).
- ^ Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor. FireEye. December 13, 2020 [December 15, 2020]. (原始內容存檔於December 15, 2020).
- ^ Paul, Kari. What you need to know about the biggest hack of the US government in years. The Guardian. December 15, 2020 [December 16, 2020]. (原始內容存檔於December 16, 2020).
- ^ 103.0 103.1 Gatlan, Sergiu. New Sunspot malware found while investigating SolarWinds hack. BleepingComputer. 2021-01-12 [2021-01-13]. (原始內容存檔於2021-05-29).
- ^ Goodin, Dan. NSA says Russian state hackers are using a VMware flaw to ransack networks. Ars Technica. 2020-12-07 [2020-12-19]. (原始內容存檔於2021-04-21).
- ^ Bing, Christopher. Russian-sponsored hackers behind broad security breach of U.S. agencies: sources. The Japan Times. December 14, 2020 [December 14, 2020]. (原始內容存檔於December 14, 2020).
- ^ 106.0 106.1 Katz, Justin. 50 orgs 'genuinely impacted' by SolarWinds hack, FireEye chief says. Defense Systems. 2020-12-23 [2021-03-03]. (原始內容存檔於2021-03-09).
- ^ SolarWinds malware has "curious" ties to Russian-speaking hackers. Ars Technica. 2021-01-11 [2021-01-13]. (原始內容存檔於2021-04-06).
- ^ Corfield, Gareth. Kaspersky Lab autopsies evidence on SolarWinds hack. The Register. 2021-01-12 [2021-01-13]. (原始內容存檔於2021-05-18).
- ^ Greenberg, Andy. SolarWinds Hackers Shared Tricks With Known Russian Cyberspies. Wired. 2021-01-11 [2021-01-13]. (原始內容存檔於2021-03-05).
- ^ Roth, Andrew. Global cyber-espionage campaign linked to Russian spying tools. the Guardian. 2021-01-11 [2021-01-13]. (原始內容存檔於2021-04-13).
- ^ Castronuovo, Celine. US payroll agency targeted by Chinese hackers: report. TheHill. 2021-02-02 [2021-02-10]. (原始內容存檔於2021-02-12) (英語).
- ^ 112.0 112.1 Trump downplays government hack after Pompeo blames it on Russia. the Guardian. December 19, 2020 [2021-03-03]. (原始內容存檔於2021-03-08).
- ^ Byrnes, Jesse. Pompeo: Russia 'pretty clearly' behind massive cyberattack. The Hill. December 19, 2020 [2021-03-03]. (原始內容存檔於2021-03-02).
- ^ 114.0 114.1 114.2 Trump downplays massive US cyberattack, points to China. Deutsche Welle. December 19, 2020 [2021-03-03]. (原始內容存檔於2021-03-03).
- ^ 115.0 115.1 Axelrod, Tal. Trump downplays impact of hack, questions whether Russia involved. The Hill. December 19, 2020 [2021-03-03]. (原始內容存檔於2021-04-26).
- ^ US cyber-attack: Around 50 firms 'genuinely impacted' by massive breach. December 20, 2020 [December 21, 2020]. (原始內容存檔於2021-03-11).
- ^ Trump finds himself isolated in refusal to blame Russia for big cyberattack. Los Angeles Times. December 20, 2020 [December 21, 2020]. (原始內容存檔於2021-02-22).
- ^ Janfaza, Rachel. Barr contradicts Trump by saying it 'certainly appears' Russia behind cyberattack. cnn.com. CNN. 21 December 2020 [26 December 2020]. (原始內容存檔於2021-01-02).
- ^ Wilkie, Christina. Attorney General Barr breaks with Trump, says SolarWinds hack 'certainly appears to be the Russians'. CNBC. NBCUniversal News Group. 21 December 2020 [22 December 2020]. (原始內容存檔於2021-04-12) (英語).
- ^ 120.0 120.1 120.2 Sanger, David E. Treasury Department's Senior Leaders Were Targeted by Hacking. December 22, 2020 [2021-03-03]. (原始內容存檔於2021-03-28).
- ^ US: Hack of Federal Agencies 'Likely Russian in Origin'. SecurityWeek. Associated Press. 2021-01-05 [2021-01-13]. (原始內容存檔於2021-02-11).
- ^ Goodin, Dan. Bucking Trump, NSA and FBI say Russia was "likely" behind SolarWinds hack. Ars Technica. January 6, 2021 [2021-03-03]. (原始內容存檔於2021-02-07).
- ^ 123.0 123.1 Russians are 'likely' perpetrators of US government hack, official report says. the Guardian. 2021-01-05 [2021-01-13]. (原始內容存檔於2021-04-13).
- ^ 124.0 124.1 U.S. Agencies and Companies Secure Networks After Huge Hack. Time. 2020-12-15 [December 16, 2020]. (原始內容存檔於December 16, 2020).
- ^ 2020年12月21日外交部发言人汪文斌主持例行记者会 — 中华人民共和国驻新加坡共和国大使馆. www.chinaembassy.org.sg. [2021-03-06].
- ^ Richards, Zoë. Report: Massive Russian Hack Effort Breached DHS, State Department And NIH. Talking Points Memo. December 15, 2020 [December 17, 2020]. (原始內容存檔於December 15, 2020).
- ^ Cimpanu, Catalin. SEC filings: SolarWinds says 18,000 customers were impacted by recent hack. ZDNet. [December 15, 2020]. (原始內容存檔於December 15, 2020).
- ^ Jankowicz, Mia. These big firms and US agencies all use software from the company breached in a massive hack being blamed on Russia. Business Insider. [December 16, 2020]. (原始內容存檔於December 16, 2020).
- ^ 129.0 129.1 SolarWinds: The Hunt to Figure Out Who Was Breached. bankinfosecurity.com. [December 17, 2020]. (原始內容存檔於December 16, 2020).
- ^ Hack may have exposed deep US secrets; damage yet unknown. The Independent. December 15, 2020 [December 16, 2020]. (原始內容存檔於December 18, 2020).
- ^ US agencies, companies secure networks after huge hack. AP NEWS. December 14, 2020 [December 16, 2020]. (原始內容存檔於December 18, 2020).
- ^ Deep US institutional secrets may have been exposed in hack blamed on Russia. The Guardian. December 16, 2020 [December 17, 2020]. (原始內容存檔於December 17, 2020).
- ^ 133.0 133.1 Emergency Directive 21-01. cyber.dhs.gov. [December 15, 2020]. (原始內容存檔於December 15, 2020).
- ^ How Russian hackers infiltrated the US government for months without being spotted. MIT Technology Review. [December 17, 2020]. (原始內容存檔於December 18, 2020).
- ^ SolarWinds advanced cyberattack: What happened and what to do now. Malwarebytes Labs. December 14, 2020 [December 16, 2020]. (原始內容存檔於December 16, 2020).
- ^ Overview of Recent Sunburst Targeted Attacks. Trend Micro. [December 18, 2020]. (原始內容存檔於December 15, 2020).
- ^ Hackers' Monthslong Head Start Hamstrings Probe of U.S. Breach. Bloomberg. December 18, 2020 [December 18, 2020]. (原始內容存檔於2021-04-19).
- ^ Hacked networks will need to be burned 'down to the ground'. The Independent. December 18, 2020 [2021-03-03]. (原始內容存檔於2021-02-18).
- ^ Satter, Raphael. Experts who wrestled with SolarWinds hackers say cleanup could take months - or longer. December 24, 2020.
- ^ Biden taps trusted figures to lead US climate fight; FDA says Moderna vaccine is highly protective; SolarWinds hack fallout spreads. The World from PRX. [December 17, 2020]. (原始內容存檔於December 16, 2020).
- ^ 141.0 141.1 What Matters: The suspected Russian hack of the US government, explained. MSN. [December 17, 2020]. (原始內容存檔於December 16, 2020).
- ^ Geller, Eric. The Big Hack: What we know, what we don't. Politico. 2020-12-17 [2020-12-19]. (原始內容存檔於2021-01-26).
- ^ 143.0 143.1 143.2 Cohen, Zachary; Salama, Vivian; Fung, Brian. US officials scramble to deal with suspected Russian hack of government agencies. CNN. [December 18, 2020]. (原始內容存檔於December 16, 2020).
- ^ 144.0 144.1 144.2 Cimpanu, Catalin. Microsoft to quarantine SolarWinds apps linked to recent hack. ZDNet. [December 17, 2020]. (原始內容存檔於December 18, 2020).
- ^ 145.0 145.1 Dozier, Kimberly. U.S. Cyber Experts Scramble to Assess the Scope of the 'Hack of a Decade'. Time. 2020-12-18 [2020-12-19]. (原始內容存檔於2021-05-15).
- ^ 146.0 146.1 As Understanding of Russian Hacking Grows, So Does Alarm. The New York Times. 2021-01-02 [2021-01-13]. (原始內容存檔於2021-06-06).
- ^ 147.0 147.1 Nuclear weapons agency breached amid massive cyber onslaught. Politico. [December 17, 2020]. (原始內容存檔於December 17, 2020).
- ^ 148.0 148.1 Nuclear Weapons Agency Hacked in Widening Cyberattack – Report. threatpost.com. [December 17, 2020]. (原始內容存檔於December 18, 2020).
- ^ 149.0 149.1 Goodin, Dan. Microsoft is reportedly added to the growing list of victims in SolarWinds hack. Ars Technica. December 17, 2020 [December 18, 2020]. (原始內容存檔於December 18, 2020).
- ^ Department of Energy says it was hacked in suspected Russian campaign. NBC News. [December 18, 2020]. (原始內容存檔於December 18, 2020).
- ^ US nuclear agency a target in 'massive' cyber attack on federal government by suspected Russian hackers. Sky News. [2021-03-03]. (原始內容存檔於2021-02-18).
- ^ Security experts warn of long-term risk tied to Energy Department breach. SC Media. December 21, 2020 [2021-03-03]. (原始內容存檔於2021-01-26).
- ^ Nakashima, Ellen. DHS, State and NIH join list of federal agencies — now five — hacked in major Russian cyberespionage campaign. The Washington Post. [December 17, 2020]. (原始內容存檔於December 16, 2020).
- ^ 154.0 154.1 Microsoft Says Russian Hackers Viewed Some of Its Source Code. The New York Times. 2020-12-31 [2021-01-13]. (原始內容存檔於2021-06-07).
- ^ Paul, Kari. DoJ confirms email accounts breached by SolarWinds hackers. the Guardian. 2021-01-06 [2021-01-13]. (原始內容存檔於2021-04-17).
- ^ Justice Department Says It's Been Affected by Russian Hack. SecurityWeek. Associated Press. January 6, 2021 [2021-01-11]. (原始內容存檔於2021-01-22).
- ^ Claburn, Thomas. JetBrains' build automation software eyed as possible enabler of SolarWinds hack. The Register. 2021-01-07 [2021-01-12]. (原始內容存檔於2021-02-02).
- ^ Widely Used Software Company May Be Entry Point for Huge U.S. Hacking. The New York Times. 2021-01-06 [2021-01-12]. (原始內容存檔於2021-05-31).
- ^ Gatlan, Sergiu. SolarWinds hackers had access to over 3,000 US DOJ email accounts. BleepingComputer. 2021-01-06 [2021-01-13]. (原始內容存檔於2021-04-16).
- ^ 160.0 160.1 Stubbs, Jack; Satter, Raphael; Menn, Joseph. U.S. Homeland Security, thousands of businesses scramble after suspected Russian hack. Reuters. December 15, 2020 [December 18, 2020]. (原始內容存檔於December 15, 2020).
- ^ Bing, Christopher. EXCLUSIVE-U.S. Treasury breached by hackers backed by foreign government – sources. Reuters. December 13, 2020 [December 18, 2020]. (原始內容存檔於December 15, 2020).
- ^ 162.0 162.1 The SolarWinds cyberattack: The hack, the victims, and what we know. BleepingComputer. [2021-03-03]. (原始內容存檔於2021-05-29).
- ^ 163.0 163.1 Volz, Dustin. Federal Judiciary's Systems Likely Breached in SolarWinds Hack. WSJ. 2021-01-07 [2021-01-12]. (原始內容存檔於2021-06-07).
- ^ SolarWinds Hack Compromises U.S. Courts Electronic Filings (1). news.bloomberglaw.com. [2021-03-03]. (原始內容存檔於2021-02-01).
- ^ 165.0 165.1 Miller, Maggie. Federal judiciary likely compromised as part of SolarWinds hack. TheHill. 2021-01-07 [2021-01-12]. (原始內容存檔於2021-05-03).
- ^ 166.0 166.1 Krebs, Brian. Sealed U.S. Court Records Exposed in SolarWinds Breach. Krebs on Security. 2021-01-07 [2021-01-12]. (原始內容存檔於2021-03-13).
- ^ 167.0 167.1 Starks, Tim. Federal courts are latest apparent victim of SolarWinds hack. CyberScoop. 2021-01-07 [2021-01-12]. (原始內容存檔於2021-03-25).
- ^ Clark, Mitchell. Federal courts go low-tech for sensitive documents following SolarWinds hack. The Verge. 2021-01-07 [2021-01-12]. (原始內容存檔於2021-01-28).
- ^ Kovacs, Eduard. Probe Launched Into Impact of SolarWinds Breach on Federal Courts. SecurityWeek. 2021-01-08 [2021-01-12]. (原始內容存檔於2021-02-01).
- ^ 170.0 170.1 Gatlan, Sergiu. US Judiciary adds safeguards after potential breach in SolarWinds hack. BleepingComputer. 2021-01-07 [2021-01-13]. (原始內容存檔於2021-04-16).
- ^ Corfield, Gareth. US courts system fears SolarWinds snafu could have let state hackers poke about in sealed case documents. The Register. 2021-01-08 [2021-01-13]. (原始內容存檔於2021-02-02).
- ^ 172.0 172.1 Stubbs, Jack; McNeill, Ryan. SolarWinds hackers broke into U.S. cable firm and Arizona county, web records show. Reuters. December 18, 2020 [2021-03-03]. (原始內容存檔於2020-12-22).
- ^ 173.0 173.1 Stubbs, Jack. Hackers' broad attack sets cyber experts worldwide scrambling to defend networks. Reuters. 2020-12-19 [2021-03-03]. (原始內容存檔於2021-02-15).
- ^ 174.0 174.1 Volz, Kevin Poulsen, Robert McMillan and Dustin. WSJ News Exclusive | SolarWinds Hack Victims: From Tech Companies to a Hospital and University. December 21, 2020 [2021-03-03]. (原始內容存檔於2021-06-07).
- ^ Cisco Latest Victim of Russian Cyber-Attack Using SolarWinds. Bloomberg. December 18, 2020 [December 19, 2020]. (原始內容存檔於2020-12-21).
- ^ SolarWinds Supply Chain Hit: Victims Include Cisco, Intel. Bankinfosecurity.com. December 17, 2020 [December 19, 2020]. (原始內容存檔於2021-01-18).
- ^ Schmaltz, Trey. La. retirement system warned it may have been target of Russian hack; Cox also investigating. WBRZ. December 18, 2020 [2021-03-03]. (原始內容存檔於2021-02-03).
- ^ Menn, Joseph. Exclusive: Microsoft breached in suspected Russian hack using SolarWinds – sources. Reuters. December 18, 2020 [December 18, 2020]. (原始內容存檔於December 18, 2020).
- ^ Cimpanu, Catalin. Microsoft confirms it was also breached in recent SolarWinds supply chain hack. ZDNet. [December 18, 2020]. (原始內容存檔於December 18, 2020).
- ^ Bass, Dina. Microsoft Says Its Systems Were Exposed to SolarWinds Hack. Bloomberg L.P. [December 18, 2020]. (原始內容存檔於December 18, 2020).
- ^ Novet, Jordan. Microsoft was reportedly swept up in SolarWinds hack. CNBC. December 17, 2020 [December 18, 2020]. (原始內容存檔於December 18, 2020).
- ^ Thomson, Iain. US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also installed backdoor. The Register. [2021-03-03]. (原始內容存檔於2022-04-08).
- ^ Microsoft acknowledges it was hacked via SolarWinds exploit. SlashGear. December 18, 2020 [2021-03-03]. (原始內容存檔於2021-02-18).
- ^ Robles, C. J. Microsoft, SolarWinds Hacking Can Be a National Security Issue?. Tech Times. December 17, 2020 [2021-03-03]. (原始內容存檔於2020-12-18).
- ^ Brewster, Thomas. SolarWinds Hack: Cisco And Equifax Amongst Corporate Giants Finding Malware... But No Sign Of Russian Spies. Forbes. [2021-03-03]. (原始內容存檔於2021-02-18).
- ^ SolarWinds hackers accessed Microsoft source code, the company says. CNBC. 2021-01-01 [2021-01-13]. (原始內容存檔於2021-01-01).
Modifying source code — which Microsoft said the hackers did not do — could have potentially disastrous consequences given the ubiquity of Microsoft products, which include the Office productivity suite and the Windows operating system. But experts said that even just being able to review the code could offer hackers insight that might help them subvert Microsoft products or services.
- ^ Here's why it's so dangerous that SolarWinds hackers accessed Microsoft's source code. BGR. 2021-01-01 [2021-01-13]. (原始內容存檔於2021-02-26).
More than two weeks after the hacks, Microsoft disclosed that the attackers were able to access a critical piece of software, the source code from one or more undisclosed products. Microsoft explained in a blog post that the hackers were not able to modify the source code. But even just a glance at a source code from a company like Microsoft might be enough for hackers to develop new attacks that compromise other Microsoft products. ... Microsoft’s blog post is meant to reassure governments and customers, but the fact remains that hackers might be in possession of the kind of secrets they shouldn’t have access to. Time will tell if gaining access to Microsoft’s source code will allow the same team of attackers to create even more sophisticated hacks.
- ^ Software Giant Admits That SolarWinds Hackers Viewed Microsoft Source Code. CPO Magazine. 2021-01-07 [2021-01-13]. (原始內容存檔於2021-01-26).
Microsoft disclosed [that] the hacking group behind the SolarWinds attack also viewed Microsoft source code for unnamed products. ... Microsoft, however, downplayed the breach, saying that the security of its products does not depend on the secrecy of its source code. Contrarily, Microsoft source code for most high-profile products remains to be among the most jealously guarded corporate secrets, shared only with a few trusted customers and governments.
- ^ Stanley, Alyse. Microsoft Says SolarWinds Hackers Also Broke Into Company's Source Code. Gizmodo. 2020-12-31 [2021-01-13]. (原始內容存檔於2021-01-27).
While hackers may not have been able to change Microsoft’s source code, even just sneaking a peek at the company’s secret sauce could have disastrous consequences. Bad actors could use that kind of insight into the inner workings of Microsoft’s services to help them circumvent its security measures in future attacks. The hackers essentially scored blueprints on how to potentially hack Microsoft products.
- ^ Bradley, Susan. SolarWinds, Solorigate, and what it means for Windows updates. Computerworld. 2021-01-04 [2021-01-13]. (原始內容存檔於2021-03-22).
Microsoft investigated further and found that while the attackers were not able to inject themselves into Microsoft’s ADFS/SAML infrastructure, 'one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made.' This is not the first time Microsoft’s source code has been attacked or leaked to the web. In 2004, 30,000 files from Windows NT to Windows 2000 leaked onto the web via a third party. Windows XP reportedly leaked online last year.
- ^ Satter, Raphael. Microsoft says SolarWinds hackers were able to view its source code but didn't have the ability to modify it. Business Insider. 2020-12-31 [2021-01-13]. (原始內容存檔於2021-01-14).
Ronen Slavin, [chief technology officer at source code protection company Cycode], said a key unanswered question was which source code repositories were accessed. ... Slavin said he was also worried by the possibility that the SolarWinds hackers were poring over Microsoft's source code as prelude for something more ambitious. 'To me the biggest question is, "Was this recon for the next big operation?"' he said.
- ^ Spring, Tom. Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes. Threatpost. 2021-01-12 [2021-01-13]. (原始內容存檔於2021-04-01).
Last month, Microsoft said state-sponsored hackers had compromised its internal network and leveraged additional Microsoft products to conduct further attacks.
- ^ Email security firm Mimecast says hackers hijacked its products to spy on customers. U.S. 2021-01-12 [2021-01-13]. (原始內容存檔於2021-01-12).
Three cybersecurity investigators, who spoke on condition of anonymity to discuss details of an ongoing probe, told Reuters they suspected the hackers who compromised Mimecast were the same group that broke into U.S. software maker SolarWinds and a host of sensitive U.S. government agencies.
- ^ Mimecast Discloses Certificate Incident Possibly Related to SolarWinds Hack. SecurityWeek.Com. 2021-01-13 [2021-01-13]. (原始內容存檔於2021-03-17).
According to Mimecast, it learned from Microsoft that hackers had compromised a certificate used to authenticate Mimecast Continuity Monitor, Internal Email Protect (IEP), and Sync and Recover products with Microsoft 365 Exchange Web Services. ... The company has not shared any details about the attacks abusing the compromised certificate, but some experts have speculated that the certificate may have allowed the hackers to intercept Mimecast customers’ communications. ... According to Reuters, people with knowledge of the situation believe this incident may be related to the recently disclosed supply chain attack involving Texas-based IT management solutions provider SolarWinds.
- ^ Seals, Tara. Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack. Threatpost. 2021-01-12 [2021-01-13]. (原始內容存檔於2021-03-17).
Mimecast provides email security services that customers can apply to their Microsoft 365 accounts by establishing a connection to Mimecast’s servers... A compromise means that cyberattackers could take over the connection, though which inbound and outbound mail flows, researchers said. It would be possible to intercept that traffic, or possibly to infiltrate customers’ Microsoft 365 Exchange Web Services and steal information. 'The attack against Mimecast and their secure connection to Microsoft’s Office 365 infrastructure appears to be the work of the same sophisticated attackers that breached SolarWinds and multiple government agencies,' Saryu Nayyar, CEO at Gurucul, said via email.
- ^ SolarWinds attackers suspected in Microsoft authentication compromise. SC Media. 2021-01-12 [2021-01-13]. (原始內容存檔於2021-02-27).
- ^ Spadafora, Anthony. Mimecast may also have been a victim of the SolarWinds hack campaign. TechRadar. 2021-01-12 [2021-01-13]. (原始內容存檔於2021-01-13).
The reason that Mimecast may have been attacked by the same threat actor behind the SolarWinds hack is due to the fact that these hackers often add authentication tokens and credentials to Microsoft Active Directory domain accounts in order to maintain persistence on a network and to achieve privilege escalation.
- ^ McMillan, Robert. SolarWinds Hackers' Attack on Email Security Company Raises New Red Flags. WSJ. 2021-01-13 [2021-01-13]. (原始內容存檔於2021-06-07).
The Mimecast hackers used tools and techniques that link them to the hackers who broke into Austin, Texas-based SolarWinds Corp., according to people familiar with the investigation. The link to the SolarWinds hackers was reported earlier by Reuters.
- ^ Four security vendors disclose SolarWinds-related incidents. U.S. 2021-01-26 [2021-02-01]. (原始內容存檔於2021-03-04).
This week, four new cyber-security vendors -- Mimecast, Qualys, Palo Alto Networks, and Fidelis -- have added their names to the list of companies that have installed trojanized versions of the SolarWinds Orion app.
- ^ fireeye/red_team_tool_countermeasures. GitHub. [December 17, 2020]. (原始內容存檔於December 16, 2020).
- ^ Microsoft to quarantine compromised SolarWinds binaries tomorrow. BleepingComputer. [December 17, 2020]. (原始內容存檔於December 16, 2020).
- ^ Grid regulator warns utilities of risk of SolarWinds backdoor, asks how exposed they are. CyberScoop. December 23, 2020 [2021-03-03]. (原始內容存檔於2021-02-16).
- ^ Brandom, Russell. SolarWinds hides list of high-profile customers after devastating hack. The Verge. December 15, 2020 [December 16, 2020]. (原始內容存檔於December 16, 2020).
- ^ Varghese, Sam. iTWire - Backdoored Orion binary still available on SolarWinds website. www.itwire.com. [2021-03-03]. (原始內容存檔於2020-12-14).
- ^ Class Action Lawsuit Filed Against SolarWinds Over Hack. SecurityWeek.Com. 2021-01-06 [2021-01-13]. (原始內容存檔於2021-02-01).
- ^ McCarthy, Kieren. Ah, right on time: Hacker-slammed SolarWinds sued by angry shareholders. The Register. 2021-01-05 [2021-01-13]. (原始內容存檔於2021-03-17).
- ^ SolarWinds Taps Firm Started by Ex-CISA Chief Chris Krebs, Former Facebook CSO Alex Stamos. SecurityWeek.Com. 2021-01-08 [2021-01-13]. (原始內容存檔於2021-02-19).
- ^ Vaughan-Nichols, Steven J. SolarWinds defense: How to stop similar attacks. ZDNet. 2021-01-14 [2021-01-15]. (原始內容存檔於2021-03-10).
- ^ US government agencies, including Treasury, hacked; Russia possible culprit. WTVD. December 14, 2020 [December 15, 2020]. (原始內容存檔於December 14, 2020).
- ^ Geller, Eric. 'Massively disruptive' cyber crisis engulfs multiple agencies. Politico. [December 16, 2020]. (原始內容存檔於December 16, 2020).
- ^ US vows 'swift action' if defense networks hit by alleged Russia hack. Newsweek. December 14, 2020 [December 16, 2020]. (原始內容存檔於December 16, 2020).
- ^ FBI, CISA, ODNI Describe Response to SolarWinds Attack. SecurityWeek.com. [December 18, 2020]. (原始內容存檔於December 18, 2020).
- ^ Satter, Raphael. U.S. cyber agency says SolarWinds hackers are 'impacting' state, local governments. December 24, 2020 [2021-03-03]. (原始內容存檔於2021-01-01).
- ^ Daugherty, Alex. Intel chairman Rubio says 'America must retaliate' after massive cyber hack. Miami Herald. December 18, 2020 [2021-03-03]. (原始內容存檔於2020-12-27).
- ^ Dwyer, Colin. Pompeo Says Russia 'Pretty Clearly' Behind Cyberattack, Prompting Pushback From Trump. NPR. December 19, 2020 [December 20, 2020]. (原始內容存檔於2021-06-03).
- ^ Lawmakers want more transparency on SolarWinds breach from State, VA. CyberScoop. December 23, 2020 [2021-03-03]. (原始內容存檔於2021-01-26).
- ^ Veterans Affairs Officials Inexplicably Blow Off Briefing on SolarWinds Hack. Gizmodo. [2021-03-03]. (原始內容存檔於2021-01-21).
- ^ Hacking campaign targeted US energy, treasury and commerce agencies. The Guardian. December 17, 2020 [December 18, 2020]. (原始內容存檔於December 17, 2020).
- ^ Jill Colvin & Matthew Lee, Trump downplays Russia in first comments on hacking campaign (頁面存檔備份,存於互聯網檔案館), Associated Press (December 19, 2020).
- ^ Justin Sink, Trump Downplays Huge Hack Tied to Russia, Suggests China (頁面存檔備份,存於互聯網檔案館), Bloomberg News (December 19, 2020).
- ^ Canales, Katie. Former US cybersecurity chief Chris Krebs warned not to 'conflate' voting system security with SolarWinds hack despite Trump's claim. Business Insider. December 19, 2020 [December 20, 2020]. (原始內容存檔於2020-12-20).
- ^ Bing, Christopher. Trump downplays impact of massive hacking, questions Russia involvement. Reuters. 2020-12-19 [2021-03-03]. (原始內容存檔於2021-01-04).
- ^ Russia Could Fake Government Emails After SolarWinds Hack: Ex-Trump Adviser Thomas Bossert. MSN. [December 17, 2020]. (原始內容存檔於December 18, 2020).
- ^ Pierce, Charles P. Somebody Was Asleep at the Switch Here. Esquire. December 15, 2020 [December 17, 2020]. (原始內容存檔於December 17, 2020).
- ^ 'They potentially have the capacity to cripple us': Romney raises alarm about cyberattack tied to Russia (頁面存檔備份,存於互聯網檔案館), USA Today (December 20, 2020).
- ^ Satter, Raphael. Biden chief of staff says hack response will go beyond 'just sanctions'. Reuters. 2020-12-20 [2020-12-20]. (原始內容存檔於2021-04-07) (英語).
- ^ Biden Says Hack of U.S. Shows Trump Failed at Cybersecurity. December 22, 2020 [2021-03-03]. (原始內容存檔於2022-04-07).
- ^ Lewis, Simon. Trump must blame Russia for cyber attack on U.S., Biden says. Reuters. December 23, 2020 [2021-03-03]. (原始內容存檔於2021-01-21).
- ^ Biden to Restore Homeland Security and Cybersecurity Aides to Senior White House Posts. The New York Times. 2021-01-13 [2021-01-13]. (原始內容存檔於2021-03-29).
President-elect Joseph R. Biden Jr., facing the rise of domestic terrorism and a crippling cyberattack from Russia, is elevating two White House posts that all but disappeared in the Trump administration: a homeland security adviser to manage matters as varied as extremism, pandemics and natural disasters, and the first deputy national security adviser for cyber and emerging technology. ... Mr. Trump dismantled the National Security Council's pandemic preparedness office, and while he had an active cyberteam at the beginning of his term, it languished. 'It's disturbing to be in a transition moment when there really aren't counterparts for that transition to be handed off,' Ms. Sherwood-Randall said. ... The SolarWinds hacking, named after the maker of network management software that Russian intelligence agents are suspected of having breached to gain access to the email systems of government agencies and private companies, was a huge intelligence failure.
- ^ Corera, Gordon. SolarWinds: UK assessing impact of hacking campaign. BBC News. December 18, 2020 [December 18, 2020]. (原始內容存檔於2021-03-11).
- ^ UK organisations using SolarWinds Orion platform should check whether personal data has been affected. ico.org.uk. December 23, 2020 [2021-03-03]. (原始內容存檔於2021-01-27).
- ^ CSE warns companies to check IT systems following SolarWinds hack - CBC News. CBC. 2020-12-19 [2020-12-25]. (原始內容存檔於2021-03-30).
- ^ Security, Canadian Centre for Cyber. Canadian Centre for Cyber Security. Canadian Centre for Cyber Security. August 15, 2018 [2021-03-03]. (原始內容存檔於2021-05-24).
- ^ Wolfe, Jan. Explainer-U.S. government hack: espionage or act of war?. Reuters. 2020-12-19 [2020-12-19]. (原始內容存檔於2023-03-25).
- ^ 235.0 235.1 Dilanian, Ken. Suspected Russian hack: Was it an epic cyber attack or spy operation?. NBC News. 2020-12-18 [2020-12-19]. (原始內容存檔於2021-03-11).
- ^ 236.0 236.1 Erica Borghard; Jacquelyn Schneider. Russia's Hack Wasn't Cyberwar. That Complicates US Strategy. Wired. [December 17, 2020]. (原始內容存檔於December 18, 2020).
- ^ 237.0 237.1 Goldsmith, Jack. Self-Delusion on the Russia Hack. thedispatch.com. [2021-03-03]. (原始內容存檔於2021-05-16).
- ^ Russia's SolarWinds Operation and International Law. Just Security. December 21, 2020 [2021-03-03]. (原始內容存檔於2021-05-29).
- ^ Microsoft president calls SolarWinds hack an 'act of recklessness'. Ars Technica. December 18, 2020 [December 18, 2020]. (原始內容存檔於2021-05-07).
- ^ US cyber-attack: US energy department confirms it was hit by Sunburst hack. BBC News. December 18, 2020 [December 18, 2020]. (原始內容存檔於2021-06-06).
- ^ Schneier, Bruce. The US has suffered a massive cyberbreach. It's hard to overstate how bad it is | Bruce Schneier. December 23, 2020 [2021-03-03]. (原始內容存檔於2021-05-07).
- ^ Kolbe, Paul R. Opinion | With Hacking, the United States Needs to Stop Playing the Victim. December 24, 2020 [2021-03-03]. (原始內容存檔於2021-05-19).
- ^ Kaplan, Fred. The Government Has Known About the Vulnerabilities That Allowed Russia's Latest Hack for Decades—and Chose Not to Fix Them. Slate Magazine. December 18, 2020 [2021-03-03]. (原始內容存檔於2021-05-16).
- ^ Kaplan, Fred. Should the U.S. Retaliate for Russia's Big Hack?. Slate Magazine. December 23, 2020 [2021-03-03]. (原始內容存檔於2021-05-06).