It must be Monday; news always seems to come out and become breaking on such a day. Today there are articles from two sources, Cyberscoop and Krebs on Security. Cyberscoop's was posted on Sunday and Krebs's on Monday.
Cyberscoop writes:
Hackers breached the Commerce Department, and reportedly have infiltrated the Treasury Department and other U.S. agencies, in incidents that government security officials said on Sunday that they were fighting to contain.
There were signs that the impact could stretch far and wide in not only the government, but also the private sector. SolarWinds, an IT provider to many government agencies and Fortune 500 companies, said it was working with law enforcement, the intelligence community and others to investigate a vulnerability apparently implanted into its supply chain by a nation state.
“We can confirm there has been a breach in one of our bureaus,” a Commerce Department spokesperson said. The spokesperson added that Commerce has asked the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency “and the FBI to investigate, and we cannot comment further at this time.”
Krebs on Security writes:
Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company’s customer base, experts say the incident may be just the first of many such disclosures.
Whichever article you read, both are good in their own right, and if this is a sign of things to come, we may be hearing more.
The worst part is that the company which admitted to the problem, SolarWinds, has a customer base of 300,000, which includes:
- more than 425 of the U.S. Fortune 500
- all ten of the top ten U.S. telecommunications companies
- all five branches of the U.S. military
- all five of the top five U.S. accounting firms
- the Pentagon
- the State Department
- the National Security Agency
- the Department of Justice
- the White House
It's unclear how many customers are affected by the software issue. I guess this story will get quite interesting as more is known.