SolarWinds hack recovery could take 18 months
SolarWinds Orion, the targeted network management product, is used in tens of thousands of businesses and government agencies. More than 17,000 organizations have downloaded the infected backdoor. The hackers were extremely stealthy and precise in targeting, which is why it took so long to catch them and why it takes so long to understand their full impact.
The difficulty in discovering the extent of the damage was summed up by Brad Smith, the president of Microsoft, during a hearing before Congress last week.
“Who knows all of what happened here?” he said. “Right now, the attacker is the only one who knows everything he’s done.”
Kevin Mandia, CEO of security firm FireEye, which raised early warnings about the attack, told Congress that hackers have prioritized stealth above all else.
“The disruption would have been easier than what they did,” he said. “They had targeted and disciplined data theft. It’s easier to remove everything in blunt trauma and see what happens. They actually did more work than it would have taken to become destructive.
“It has a silver lining”
CISA first heard of an issue when FireEye discovered it had been hacked and notified the agency. The company regularly works closely with the U.S. government, and while it is not legally obligated to tell anyone about the hack, it quickly shared the news of the compromise with sensitive corporate networks.
It was Microsoft that told the US government that the federal networks had been compromised. The company shared this information with Wales on December 11, he said in an interview. Microsoft has observed hackers entering the Microsoft 365 cloud used by many government agencies. A day later, FireEye informed CISA about the backdoor of SolarWinds, a little-known but extremely widespread and powerful tool.
This indicated that the scale of the hack could be enormous. CISA investigators ended up working over the holidays to help agencies find hackers in their networks.
These efforts were made even more complicated because Wales had only just taken over the agency: a few days earlier, former director Chris Krebs had been sacked by Donald Trump for repeatedly debunking disinformation of the White House on a stolen election.