Yet more information has come to light regarding the SolarWinds (opens in new tab) cyberattack that compromised a host of government and corporate networks late last year.
According to an investigation conducted by the New York Times (opens in new tab), the attack may have had a far larger impact than initially feared and its origins may lie thousands of miles away from its US victims.
Originally it was thought that the SolarWinds attack had breached around two dozen US government and corporate networks but the latest evidence suggests that as many as 250 networks may have been compromised. Research by major private tech firms like Amazon and Microsoft (opens in new tab) is slowly uncovering more details about the attack, which it appears exploited many layers of the digital supply chain.
- Check out our list of the best antivirus (opens in new tab) services around
- Here's our list of the best malware removal (opens in new tab) software on the market
- We've built a list of the best endpoint protection (opens in new tab) services out there
Russia has been blamed for the incident, the purpose of which remains unknown. Potentially, the attack could have allowed threat actors to gain access to highly sensitive information, including some relating to the US nuclear weapons program.
Interestingly, investigators are now exploring whether the attack may have originated not in Russia but in Eastern European countries where some SolarWinds software is manufactured. Russian intelligence retains a deep-rooted presence in some of these nations, which could have allowed operatives to lay the groundwork for the recent attack.
More worryingly, recent evidence suggests that a number of cyberdefence missteps may have helped the attackers in their efforts. Early warning sensors placed by Cyber Command and the National Security Agency (NSA) evidently failed, and a myopic focus on the presidential election may have diverted attention away from software defense, granting the attackers more space in which to operate.
Moreover, it appears that the SolarWinds attackers carried out their attacks from servers based in the US, allowing them to exploit legal protocols that prevent the NSA from carrying out domestic surveillance that would have potentially spotted the hack.
- Here's our list of the best identity theft protection (opens in new tab) right now
Via Engadget (opens in new tab)