Figuring out SolarWinds hack as US sanctions Russia

New York (AFP) –


A major cyber attack last year targeting the US government and businesses was a key factor in President Joe Biden's decision to retaliate Thursday with sanctions against the suspected culprit: Russia.

Four months after the sophisticated hack that centered on the software company SolarWinds, the complete picture is still coming together, but here is what's known.

- What is SolarWinds? -

Texas-based SolarWinds publishes computer management software and remote monitoring tools for professionals.

The publicly-traded company boasts more than 300,000 customers globally, and its products are used by US businesses and federal agencies.

A popular SolarWinds platform called Orion, used to manage and monitor computer networks, was exploited by hackers in an attack revealed in December.

- What happened? -

Hackers used Orion to gain entry into networks, allowing them to swipe data and install malicious code that served as "backdoors" that could be used to sneak into systems as desired.

The attack began in March 2020 and continued unnoticed before being discovered in December by one of its victims, vaunted cyber security firm FireEye.

- Who are the hackers? -

Washington accuses Russia of orchestrating the online assault, explicitly citing its Foreign Intelligence Service (SVR).

"The scope and scale of this compromise, combined with Russia's history of carrying out reckless and disruptive cyber makes it a national security concern," the US Treasury Department said in a statement released Thursday.

"The SVR has put at risk the global technology supply chain by allowing malware to be installed on the machines of tens of thousands of SolarWinds's customers."

Microsoft President Brad Smith told a US Senate intelligence committee in February that it likely took 1,000 engineers or more to pull off such a sophisticated and wide-scale attack.

Former president Donald Trump accused China of being behind the attack without providing any evidence, but computer security specialists and the Biden administration identified Russia as the culprit.

Moscow denies any involvement in the SolarWinds hack.

- What is the damage? -

The extent of the cyber attack and the amount of data stolen remain unknown due to its complexity, and because many victims are unwilling or unable to share specifics.

US Treasury officials say the attack targeted the financial sector, critical infrastructure, government networks and more.

SolarWinds has disclosed that as many as 18,000 customers and more than 100 US companies were affected by the hack.

Its roster of clients includes government agencies and companies among the top 500 in the United States based on revenue.

Cyber attacks and how to respond to them have emerged as critical issues for the Biden administration, with another hack rocking Microsoft in March.

Hackers traced back to China exploited vulnerabilities in Microsoft's widely-used Exchange Server software, getting access to email services used by US businesses, cities, and local communities.