
FOREIGN CYBER ATTACK ON U.S. & CHINA

Updated: Dec 16, 2020



Known victims so far include the US Treasury, the US NTIA, and FireEye itself.


Hackers believed to be operating on behalf of a foreign government have breached software provider SolarWinds and then deployed a malware-laced update for its Orion software to infect the networks of multiple US companies and government networks, US security firm FireEye said today.

FireEye's report comes after Reuters, the Washington Post, and the Wall Street Journal reported on Sunday that intruders had breached the US Treasury Department and the US Department of Commerce's National Telecommunications and Information Administration (NTIA).

The SolarWinds supply chain attack is also how hackers gained access to FireEye's own network, which the company disclosed earlier this week.

The Washington Post cited sources claiming that multiple other government agencies were also impacted.


Reuters reported that the incident was considered so serious that it led to a rare meeting of the US National Security Council at the White House, a day earlier, on Saturday.

Sources speaking with the Washington Post linked the intrusion to APT29, a codename used by the cyber-security industry to describe hackers associated with the Russian Foreign Intelligence Service (SVR).


FireEye wouldn't confirm the APT29 attribution and gave the group a neutral codename of UNC2452, although several sources in the cyber-security community told ZDNet the APT29 attribution, done by the US government, is most likely correct, based on current evidence.


HACKERS DEPLOYED SUNBURST MALWARE VIA ORION UPDATE


SolarWinds published a press release late on Sunday admitting to the breach of Orion, a software platform for centralized monitoring and management, usually employed in large networks to keep track of all IT resources, such as servers, workstations, mobiles, and IoT devices.


The software firm said that Orion Platform versions 2019.4 HF 5 through 2020.2.1 HF 1, released between March 2020 and June 2020, had been tainted with malware.


FireEye named this malware SUNBURST and published a technical report earlier today, along with detection rules on GitHub.


Microsoft named the malware Solorigate and added detection rules to its Defender antivirus.


The number of victims was not disclosed.

Despite initial reports on Sunday, the hacking campaign doesn't appear to have been targeted at the US specifically.

"The campaign is widespread, affecting public and private organizations around the world," FireEye said.


"The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East. We anticipate there are additional victims in other countries and verticals," FireEye added.

SolarWinds said it plans to release a new update (2020.2.1 HF 2) on Tuesday, December 15, that "replaces the compromised component and provides several additional security enhancements."
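The first question a practitioner has after reading the affected range above and the fix release is whether any Orion server in their own inventory falls inside that window. The following Python script is an added example written for this page; it is not code from ZDNet, SolarWinds or FireEye. It assumes the trojanised builds are exactly 2019.4 HF 5, 2020.2, 2020.2 HF 1, 2020.2.1 and 2020.2.1 HF 1 (the two release lines inside "2019.4 HF 5 through 2020.2.1 HF 1"), that 2020.2.1 HF 2 is the clean release for the 2020.2 line, and that 2019.4 HF 6 is the clean release for the 2019.4 line (the latter comes from SolarWinds' advisory, not from this page). Host names and version strings in the sample inventory are constructed.

```python
"""Triage an Orion Platform inventory against the SUNBURST-affected builds.

Added example for this page; assumptions (affected builds, fix builds,
sample hosts) are stated in the comments below.
"""
import re
from typing import Dict, Iterable, List, NamedTuple, Tuple


class OrionVersion(NamedTuple):
    """year.release[.patch] [HF n]; hotfix == 0 means the GA build."""
    major: int
    minor: int
    patch: int
    hotfix: int

    def line(self) -> Tuple[int, int]:
        """Release line, e.g. (2019, 4) or (2020, 2). Fixes are issued per line."""
        return (self.major, self.minor)


# Accepts "2020.2.1 HF 2", "v2020.2-hf1", "2019.4 hotfix 5", "2020.2" etc.
_VERSION_RE = re.compile(
    r"^\s*v?(\d{4})\.(\d+)(?:\.(\d+))?(?:[\s-]*(?:HF|hotfix)\s*(\d+))?\s*$",
    re.IGNORECASE,
)


def parse_orion_version(text: str) -> OrionVersion:
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Orion version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return OrionVersion(int(major), int(minor), int(patch or 0), int(hotfix or 0))


# Assumption: builds SolarWinds listed as shipping SUNBURST (March-June 2020).
# This is NOT one linear range: 2019.4 and 2020.2 are separate release lines,
# and 2019.4 HF 6 (a clean build) sorts above 2019.4 HF 5, so enumerate them.
TROJANISED = frozenset(parse_orion_version(v) for v in (
    "2019.4 HF 5",
    "2020.2", "2020.2 HF 1",
    "2020.2.1", "2020.2.1 HF 1",
))

# Assumption: first clean hotfix per release line. 2020.2.1 HF 2 is the update
# the article names; 2019.4 HF 6 is from SolarWinds' advisory.
FIXED_FROM: Dict[Tuple[int, int], OrionVersion] = {
    (2019, 4): parse_orion_version("2019.4 HF 6"),
    (2020, 2): parse_orion_version("2020.2.1 HF 2"),
}


def classify(text: str) -> str:
    """'trojanised', 'fixed', or 'unlisted' (not a build from the tainted window;
    still needs the forensic review the emergency directive asks for)."""
    v = parse_orion_version(text)
    if v in TROJANISED:
        return "trojanised"
    fix = FIXED_FROM.get(v.line())
    if fix is not None and v >= fix:
        return "fixed"
    return "unlisted"


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Map host -> verdict. Unparseable strings are reported, never skipped,
    so a badly exported inventory cannot hide an affected server."""
    findings: Dict[str, str] = {}
    for host, version in inventory:
        try:
            findings[host] = classify(version)
        except ValueError:
            findings[host] = "unparseable"
    return findings


def hosts_to_isolate(inventory: Iterable[Tuple[str, str]]) -> List[str]:
    """Hosts running a trojanised build: candidates for disconnect/power-down."""
    return sorted(h for h, verdict in triage(inventory).items() if verdict == "trojanised")


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("orion-prod-01", "2020.2.1 HF 1"),
    ("orion-prod-02", "2020.2.1 HF 2"),
    ("orion-lab-01", "2019.4 HF 5"),
    ("orion-lab-02", "2019.4 HF 6"),
    ("orion-old-01", "2019.2 HF 3"),
    ("orion-dr-01", "v2020.2-hf1"),
    ("orion-test-01", "unknown"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:16s} {verdict}")
    print("isolate:", hosts_to_isolate(SAMPLE_INVENTORY))
```

A "fixed" or "unlisted" verdict only says the binary on disk is not one of the tainted builds; it says nothing about whether the host was already used as a foothold while an affected build was installed, which is why the directive pairs the version check with a review for indicators of compromise.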


CCP CONNECTION:


CISA (the Cybersecurity and Infrastructure Security Agency) just released Emergency Directive 21-01, calling on all federal civilian agencies to review their networks for indicators of compromise and to disconnect or power down SolarWinds Orion products immediately.


SolarWinds' main shareholders are the private equity firms Silver Lake Partners and Thoma Bravo. Silver Lake also holds significant investments in China.

In a deal announced in late 2015 and completed in early 2016, SolarWinds was taken private for about $4.5 billion. At the time the company had 1,770 employees worldwide, 550 of them in Austin, and reported revenue of about half a billion dollars a year.



 

Names of nearly 2 million Chinese Communist Party members located around the world leaked.


VIDEO: December 12, 2020. United States Secretary of State Mike Pompeo comments on China:


Multiple international media outlets confirm the Chinese Communist Party has infiltrated governments and top corporations throughout the West, including the UK, Australia, and the United States. Boeing, Pfizer, and AstraZeneca are among them.


Multiple top international news outlets confirm that a list of 1.95 million Chinese Communist Party members has been leaked, and in it are the names of potentially thousands of individuals who live and work in the West, including at major financial institutions, medical research and pharmaceutical companies, and foreign governments.


A document containing 1.95 million names of CCP members was provided to The Daily Mail in the United Kingdom, The Australian in Australia, De Standaard in Belgium, and a yet unnamed Swedish editor, who apparently has not published the story. Inside the list are potentially thousands of names of CCP members who have infiltrated top corporations and high levels of government across the West.


According to The Australian journalist Sharri Markson, “Some of its members – who swear a solemn oath to ‘guard Party secrets, be loyal to the Party, work hard, fight for communism throughout my life…and never betray the Party’ – are understood to have secured jobs in British consulates.”



Alarmingly, Markson also says Pfizer and AstraZeneca – both currently producing large numbers of COVID-19 vaccine doses – have “employed a total of 123 party loyalists.”

“Along with the personal identifying details of 1.95 million communist party members, mostly from Shanghai, there are also the details of 79,000 communist party branches, many of them inside companies,” Markson added.



She explained, “the data was extracted from a Shanghai server by Chinese dissidents, whistleblowers, in April 2016, who have been using it for counter-intelligence purposes.”

The Daily Mail noted that there is no direct evidence that these CCP members, who swear loyalty to the Communist Party and its leadership above all else, have engaged in espionage, but also noted that experts consider it incredibly unlikely that none of them are involved in it.


“While there is no evidence that anyone on the party membership list has spied for China – and many sign up simply to boost their career prospects – experts say it defies credulity that some are not involved in espionage,” noted The Mail. “Responding to the findings, an alliance of 30 MPs last night said they would be tabling an urgent question about the issue in the Commons.”

The Australian noted that American defense companies are not immune to CCP infiltration.

“The database has also revealed CCP members working in global companies such as Boeing — which has billions of dollars in ­defence contracts,” noted The Australian.


Australian banking giant ANZ went as far as to claim there is nothing wrong with its employees having their own CCP branch, complete with 23 members.

“An ANZ spokesman said the bank did not interfere with its employees’ ­involvement in political groups.”

The Australian adds, “While there is no evidence that anyone on the party membership list has spied for the Chinese government … CCP members, of which there are 92 million, must pledge an oath that puts the party’s interests above all and ‘be ready at all times to sacrifice my all for the party.'”


Perhaps most shockingly, Markson notes that Chinese dissidents obtained this information in 2016 and leaked it in mid-September of this year, from where it reached a consortium of media outlets, well before the U.S. Presidential election, during which candidate Joe Biden was alleged to have massive financial connections to China through his son, Hunter Biden.


“Markson said the data was extracted from a Shanghai server by Chinese dissidents, whistleblowers, in April 2016, who have been using it for counter-intelligence purposes,” wrote Sky News. “‘It was then leaked in mid-September to the newly-formed international bi-partisan group, the Inter-Parliamentary Alliance on China,’” Markson said, “‘and that group is made up of 150 legislators around the world.’”


“‘It was then provided to an international consortium of four media organisations, The Australian, The Sunday Mail in the UK, De Standaard in Belgium and a Swedish editor, to analyse over the past two months, and that’s what we’ve done.’”


----------


Given the massive evidence of voter fraud, this Executive order may be executed by President Trump:

