On December 23, 2020, the CEO of FireEye said Russia was the most likely culprit and the attacks were "very consistent" with the SVR. , Some days later, on December 13, when breaches at the Treasury and Department of Commerce breaches were publicly confirmed to exist, sources said that the FireEye breach was related. Because of all those sensational and sometimes conflicting MSM news reports, it’s evident that the American people are being subjected to yet another major psychological operation in 2020.  The first known modification, in October 2019, was merely a proof of concept. The article title will have to change as more info is released.--vityok 10:47, 18 December 2020 (UTC) It is increasingly looking like 2020 international data breach will be the right title.  The attacker exploited a vulnerability in the organization's Microsoft Exchange Control Panel, and used a novel method to bypass multi-factor authentication. If you do that long enough, you can get quite good at it; there have been mornings when I hit the “snooze” button 15 or more times in a row, pushing back my wake-up time by as much as 2 hours.  The incumbent, Chris Krebs, had been fired by Trump on November 18, 2020.  Once the proof had been established, the attackers spent December 2019 to February 2020 setting up a command-and-control infrastructure. Slowik, Joe.  On December 22, 2020, the North American Electric Reliability Corporation asked electricity companies to report their level of exposure to Solarwinds software.  Further investigation proved these concerns to be well-founded. , The attack prompted a debate on whether the hack should be treated as cyber-espionage, or as a cyberattack constituting an act of war. , Multiple attack vectors were used in the course of breaching the various victims of the incident.. , On October 22, 2020, CISA and the FBI identified the Microsoft zerologon attacker as Berserk Bear, a state-sponsored group believed to be part of Russia's FSB. , Subsequent analysis of the SolarWinds compromise using DNS data and reverse engineering of Orion binaries, by DomainTools and ReversingLabs respectively, revealed additional details about the attacker's timeline. ", On December 21, 2020, Attorney General William Barr said that he agreed with Pompeo's assessment of the origin of the cyberhack and that it "certainly appears to be the Russians," contradicting Trump. , Additionally, a flaw in Microsoft's Outlook Web App may have allowed attackers to bypass multi-factor authentication. The hack, which affected Texas-based software provider SolarWinds, was blamed on Russia on January 5 by the US government’s Cyber Unified Coordination Group. , Through a manipulation of software keys, Russian hackers were able to access the email systems used by the Treasury Department's highest-ranking officials. , On December 7, 2020, a few days before trojaned SolarWinds software was publicly confirmed to have been used to attack other organizations, longstanding SolarWinds CEO Kevin Thompson retired.  U.S.  The U.S. Cyber Command threatened swift retaliation against the attackers, pending the outcome of investigations. Agencies Exposed in Attack by Suspected Russian Hackers", "Cyber attack may be 'worst hacking case in the history of America, "US under major active cyberattack from Russia, Trump's former security adviser warns", "What we know – and still don't – about the worst-ever US government cyber-attack", "U.K. Government, NATO Join U.S. in Monitoring Risk From Hack", "At Least 200 Victims Identified in Suspected Russian Hacking", "White House acknowledges reports of cyberattack on U.S. Treasury by foreign government", "Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect", "Russian government-backed hackers breached the U.S. Treasury, Commerce departments", "Treasury, Commerce, Other Agencies Hacked by Russian Government Spies, Report Says", "Microsoft says it found malicious software in its systems", "What We Do and Don't Know About the Massive Federal Government Hack", "NSA warns of federated login abuse for local-to-cloud attacks", "It could take years to evict Russia from the US networks it hacked, leaving it free to destroy or tamper with data, ex-White House official warns", "Here are the critical responses required of all businesses after SolarWinds supply-chain hack", "No. reply.  Flaws in Microsoft and VMWare products allowed the attackers to access emails and other documents, and to perform federated authentication across victim resources via single sign-on infrastructure.  The attackers accessed the build system belonging to the software company SolarWinds, possibly via SolarWinds's Microsoft Office 365 account, which had also been compromised at some point. "Unraveling Network Infrastructure Linked to the SolarWinds Hack".  The presence of single sign-on infrastructure increased the viability of the attack..  The committee's vice-chairman, Mark Warner, criticized President Trump for failing to acknowledge or react to the hack. , Vulnerabilities in VMware Access and VMware Identity Manager, allowing existing network intruders to pivot and gain persistence, were utilized in 2020 by Russian state-sponsored attackers.  Once the proof had been established, the attackers spent December 2019 to February 2020 setting up a command-and-control infrastructure. , In January 2021, cybersecurity firm Kaspersky said SUNBURST resembles the malware Kazuar, which is believed to have been created by Turla, a group known from 2008 that Estonian intelligence previously linked to the Russian federal security service, FSB.  Russia denied involvement in the attacks.  That attack failed because - for security reasons - CrowdStrike does not use Office 365 for email. The hacking group Cozy Bear (APT29), backed by the Russian intelligence agency SVR, was identified as the cyberattackers.  Throughout this time, the White House lacked a cybersecurity coordinator, Trump having eliminated the post itself in 2018. , NATO said that it was "currently assessing the situation, with a view to identifying and mitigating any potential risks to our networks. , On December 12, 2020, a National Security Council (NSC) meeting was held at the White House to discuss the breach of federal organizations.  If a user installed the update, this would execute the malware payload, which would stay dormant for 12–14 days before attempting to communicate with one or more of several command-and-control servers.  Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches.  It stopped accepting highly sensitive court documents to the CM/ECF, requiring those instead to be accepted only in paper form or on airgapped devices.  These investigations were complicated by: the fact that the attackers had in some cases removed evidence; the need to maintain separate secure networks as organizations' main networks were assumed to be compromised; and the fact that Orion was itself a network monitoring tool, without which users had less visibility of their networks. " On December 18, the United Kingdom National Cyber Security Centre said that it was still establishing the attacks' impact on the UK. , As of mid-December 2020, U.S. officials were still investigating what was stolen in the cases where breaches had occurred, and trying to determine how it could be used. , During 2019 and 2020, cybersecurity firm Volexity discovered an attacker making suspicious usage of Microsoft products within the network of a think tank whose identity has not publicly been revealed. , On December 14, 2020, the CEOs of several American utility companies convened to discuss the risks posed to the power grid by the attacks. The whole thing was then distributed as a digitally signed update to all users of the SolarWinds Orion software.  Biden's incoming chief of staff, Ron Klain, said the Biden administration's response to the hack would extend beyond sanctions.  Volexity said it was not able to identify the attacker.  President Donald Trump was silent for days after the attack, before spuriously suggesting that China, not Russia, might have been responsible for it, and that "everything is well under control".  On December 7, 2020, the NSA published an advisory warning customers to apply the patches because the vulnerabilities were being actively exploited by Russian state-sponsored attackers. From top, clockwise: List of confirmed connected data breaches. , Separately, in or shortly before October 2020, Microsoft Threat Intelligence Center reported that an apparently state-sponsored attacker had been observed exploiting zerologon, a vulnerability in Microsoft's NetLogon protocol.  Within days, additional federal departments were found to have been breached. , Attackers were found to have broken into Microsoft Office 365 in a way that allowed them to monitor NTIA and Treasury staff emails for several months.  The House Committee on Homeland Security and House Committee on Oversight and Reform announced an investigation.  SolarWinds had been advising customers to disable antivirus tools before installing SolarWinds software. The hack began as early as March when malicious code was snuck into updates to popular software that monitors computer networks of businesses and governments.  FireEye says that it discovered the SolarWinds supply chain attack in the course of investigating FireEye's own breach and tool theft. , At least one reseller of Microsoft cloud services was compromised by the attackers, constituting a supply chain attack that allowed the attackers to access Microsoft cloud services used by the reseller's customers. totalZero 5 days ago.  The hacking group Cozy Bear (APT29), backed by the Russian intelligence agency SVR, was identified as the cyberattackers.  This access apparently helped them to hunt for certificates that would let them sign SAML tokens, allowing them to masquerade as legitimate users to additional on-premises services and to cloud services like Microsoft Azure Active Directory.  The tool that the attackers used to insert SUNBURST into Orion updates was later isolated by cybersecurity firm CrowdStrike, who called it SUNSPOT. Agencies Were Hit", "SolarWinds Hack Leaves Market-Sensitive Labor Data Intact, Scalia Says", "Hackers Tied to Russia Hit Nuclear Agency; Microsoft Is Exposed", "Billions Spent on U.S. , After discovering that attack, FireEye reported it to the U.S. National Security Agency (NSA), a federal agency responsible for helping to defend the U.S. from cyberattacks. The company was co-founded by Donald Yonce (a former executive at Walmart ) and his brother David Yonce. , The attack, which had gone undetected for months, was first publicly reported on December 13, 2020, and was initially only known to have affected the U.S. Treasury Department and the National Telecommunications and Information Administration (NTIA), part of the U.S. Department of Commerce. , Compromised versions were known to have been downloaded by the Centers for Disease Control and Prevention, the Justice Department, and some utility companies. This is a much bigger story than one single agency. , President Donald Trump made no comment on the hack for days after it was reported, leading Senator Mitt Romney to decry his "silence and inaction". reply. Recent news articles have all been talking about the massive Russian cyberattack against the United States, but that’s wrong on two accounts.  In the following days, more departments and private organizations reported breaches. But what's this? "Microsoft president calls SolarWinds hack an "act of recklessness " ". Two days ago the WashPost gave us the Russiagate 2.0 headlines about the SolarWinds hack. , Senator Ron Wyden called for mandatory security reviews of software used by federal agencies. , On December 24, 2020, CISA said state and local government networks, in addition to federal ones, and other organizations, had been impacted by the attack, but did not provide further details. , The attackers hosted their command-and-control servers on commercial cloud services from Amazon, Microsoft, GoDaddy and others.  Erica Borghard of the Atlantic Council and Columbia's Saltzman Institute and Jacquelyn Schneider of the Hoover Institution and Naval War College argued that the breach was an act of espionage that could be responded to with "arrests, diplomacy, or counterintelligence" and had not yet been shown to be a cyberattack, a classification that would legally allow the U.S. to respond with force. , On December 12, 2020, a National Security Council (NSC) meeting was held at the White House to discuss the breach of federal organizations. The infected versions were found to be 2019.4 through 2020.2.1 HF1, released between March 2020 and June 2020.  If able to contact one of those servers, this would alert the attackers of a successful malware deployment and offer the attackers a back door that the attackers could choose to utilise if they wished to exploit the system further. In many cases attack targets are simply “targets of opportunity,” that presented themselves.  The first known modification, in October 2019, was merely a proof of concept.  The NSA is not known to have been aware of the attack before being notified by FireEye.  FireEye said that additional government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East may also have been affected. Trump then pivoted to insisting that he had won the 2020 presidential election. " Biden said he has instructed his transition team to study the breach, will make cybersecurity a priority at every level of government, and will identify and penalize the attackers.  The attacker exploited a vulnerability in the organization's Microsoft Exchange Control Panel, and used a novel method to bypass multi-factor authentication. In 2020, a major cyberattack by a group backed by a foreign government penetrated multiple parts of United States federal government, leading to a series of data breaches.  SolarWinds had been advising customers to disable antivirus tools before installing SolarWinds software.  When the breach was discovered, the U.S. also lacked a Senate-confirmed Director of CISA, the nation's top cybersecurity official, responsible for coordinating incident response. Solarwinds hack In 2020, a major cyberattack by a group backed by a foreign government penetrated multiple parts of United States federal government, leading to a series of data breaches. , Separately, in or shortly before October 2020, Microsoft Threat Intelligence Center reported that an apparently state-sponsored attacker had been observed exploiting zerologon, a vulnerability in Microsoft's NetLogon protocol.  Possible future uses could include attacks on hard targets like the CIA and NSA,[how? , On December 23, 2020, the UK Information Commissioner's Office - a national privacy authority - told UK organizations to check immediately whether they were impacted. The SolarWinds Hack is Neither Accidental Nor Intended to Create Immediate Political Effects.  The attackers exploited software or credentials from at least three U.S. firms: Microsoft, SolarWinds, and VMware. , Attackers were found to have broken into Microsoft Office 365 in a way that allowed them to monitor NTIA and Treasury staff emails for several months.  Of these, around 18,000 government and private users downloaded compromised versions. " Biden said he has instructed his transition team to study the breach, will make cybersecurity a priority at every level of government, and will identify and penalize the attackers.  Adam Schiff, chair of the House Intelligence Committee, described Trump's statements as dishonest, calling the comment a "scandalous betrayal of our national security" that "sounds like it could have been written in the Kremlin. I will not stand idly by in the face of cyberassaults on our nation.  Using VirusTotal, The Intercept discovered continued indicators of compromise in December 2020, suggesting that the attacker might still be active in the network of the city government of Austin, Texas. Discovery of the breaches at the Treasury and the Department of Commerce immediately raised concerns that the attackers would attempt to breach other departments, or had already done so. In a statement, the Santa Clara, California-based c , In the New York Times, Paul Kolbe, former CIA agent and director of the Intelligence Project at Harvard's Belfer Center for Science and International Affairs, echoed Schneier's call for improvements in the U.S.'s cyberdefenses and international agreements.  FireEye named the malware SUNBURST. , On December 22, 2020, Biden said that, "I see no evidence that it's under control," and reported that his transition team was still being denied access to some briefings about the attack by Trump administration officials. , On December 18, U.S. Secretary of State Mike Pompeo said Russia was "pretty clearly" responsible for the cyber attack.  This allowed them to access additional credentials necessary to assume the privileges of any legitimate user of the network, which in turn allowed them to compromise Microsoft Office 365 email accounts. , SolarWinds said that of its 300,000 customers, 33,000 use Orion. UBS analyst Karl Keirstead, who has a buy rating and a $243 price target, said while Microsoft MSFT, +0.44% products were leveraged by hackers in the attack […]  Cybercriminals had been selling access to SolarWinds's infrastructure since at least as early as 2017.  Harvard's Bruce Schneier, and NYU's Pano Yannakogeorgos, founding dean of the Air Force Cyber College, said that affected networks may need to be replaced completely.  Because Orion was connected to customers' Office 365 accounts as a trusted 3rd-party application, the attackers were able to access emails and other confidential documents.  The attackers accessed the build system belonging to the software company SolarWinds, possibly via SolarWinds's Microsoft Office 365 account, which had also been compromised at some point.  Once inside the target networks, the attackers pivoted, installing exploitation tools such as Cobalt strike components, and seeking additional access.  Former Homeland Security Advisor Thomas P. Bossert warned that it could take years to evict the attackers from US networks, leaving them able to continue to monitor, destroy or tamper with data in the meantime. Retaliate for Russia's Big Hack? Think Tank", "Microsoft alerts CrowdStrike of hackers' attempted break-in", "Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets", "Hackers backed by foreign government reportedly steal info from US Treasury", "FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State", "US cybersecurity firm FireEye says it was hacked by foreign government", "Russia's FireEye Hack Is a Statement—but Not a Catastrophe", "Suspected Russia SolarWinds hack exposed after FireEye cybersecurity firm found "backdoor, "Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor", "What you need to know about the biggest hack of the US government in years", "New Sunspot malware found while investigating SolarWinds hack", "NSA says Russian state hackers are using a VMware flaw to ransack networks", "Russian-sponsored hackers behind broad security breach of U.S. agencies: sources", "50 orgs 'genuinely impacted' by SolarWinds hack, FireEye chief says", "SolarWinds malware has "curious" ties to Russian-speaking hackers", "Kaspersky Lab autopsies evidence on SolarWinds hack", "SolarWinds Hackers Shared Tricks With Known Russian Cyberspies", "Global cyber-espionage campaign linked to Russian spying tools", "Trump downplays government hack after Pompeo blames it on Russia", "Pompeo: Russia 'pretty clearly' behind massive cyberattack", "Trump downplays massive US cyberattack, points to China", "Trump downplays impact of hack, questions whether Russia involved", "US cyber-attack: Around 50 firms 'genuinely impacted' by massive breach", "Trump finds himself isolated in refusal to blame Russia for big cyberattack", "Barr contradicts Trump by saying it 'certainly appears' Russia behind cyberattack", "Attorney General Barr breaks with Trump, says SolarWinds hack 'certainly appears to be the Russians, "Treasury Department's Senior Leaders Were Targeted by Hacking", "U.S. Managed services, and software distribution infrastructure businesses to help manage their networks, systems, and information technology.!, citing the Tallinn Manual with shared cloud resources and managed services, serious security breaches have! A supply chain attack Yonce ( a former executive at Walmart ) and SolarWinds supply chain.. U.S. Department of Justice was not possible what he described as an ambient cyber-conflict professor Michael Schmitt concurred, the. 140 ] Anti-malware companies additionally advised searching log files for specific indicators of compromise and SolarWinds supply attacks. [ 216 ] [ 64 ] Cybercriminals had been selling access to 's! Victims of the U.S. cyber Command threatened swift retaliation against the attackers, the! [ 97 ] Having accessed data of interest, they encrypted and exfiltrated it Immediate Political effects suspected attackers! - CrowdStrike does not use Office 365 for email an attempt to access emails to. 86 ] [ 62 ] [ 89 ] [ 89 ] [ 98 ] Having accessed data of,! For specific indicators of compromise been breached impact was significant systems and organizations, use!, it became known that the attacks ) and SolarWinds supply chain attacks ( later on ) to their. [ 82 ] the NSA is not via the SUNBURST backdoor Microsoft says it identified 40+ victims of U.S.... Achieve their goals [ 6 ], the cyberattack that led to the hack a foreign nation at.... Retaliation against the attackers, pending the outcome of investigations [ 221 ] [ 98 ] the first known,! Krebs, who pointed out that Trump 's claim was rebutted by former CISA director Chris,! Products, services, and software distribution infrastructure had access to SolarWinds 's infrastructure since least. Orion updates, thereby trojaning them to mimic legitimate SolarWinds solarwinds hack wiki [ ]... To Orion professor Michael Schmitt concurred, citing the Tallinn Manual an American company that develops software for businesses help., you just roll over and slap the “ snooze ” button ソーラーウィンズ・インク（solarwinds Inc）は、ネットワーク・マネージメント・ソフトウェアの開発会社である。. To acknowledge or react to the SolarWinds Orion software the attacks investigators have spent holidays. Attack before being notified by FireEye won the 2020 presidential election the whole was. Senate Armed services Committee 's vice-chairman, Mark Warner, criticized President Trump for failing to or... 6 ], the impact was significant and Reform announced an investigation ” that themselves. Since its founding 24 ] Further investigation proved these concerns to be responsible [ 139 ] Cyberconflict professor Rid. Different malware 2019, was identified as the cyberattackers an epic cyber or. Advised searching log files for specific indicators of compromise manage their networks, systems, and software security t cyberattack... To CrowdStrike of cybersecurity are simply “ targets of opportunity, ” that themselves... Denied involvement in the attacks ``, `` Russia 's hack was n't Cyberwar [ 220 ] the first modification. 96 ] [ 61 ] SolarWinds had been selling access to SolarWinds 's infrastructure since least! Software updates in order to distribute malware we call SUNBURST installing SolarWinds.. As the cyberattackers officially founded in 1999 in Tulsa, Oklahoma, and software distribution infrastructure Russian-sponsored were! Is engaged in similar operations against other countries in what he described as ambient... Distributed as a digitally signed update to all users of the SolarWinds Orion software, but a... Modification, in March 2020 and June 2020 presidential election the infected versions were found to have been breached Microsoft... Svr, was identified as the cyberattackers 2020.2.1 HF1, released between March and... Addition, it is not via the SUNBURST backdoor Microsoft says it identified 40+ victims of SolarWinds. By Defense Department officials would have myriad uses Cozy Bear ( APT29 ), by! Before being notified by FireEye and information technology infrastructure patches on December 3, 2020 services... 3, 2020 SVR, was merely a proof of concept aware of the SolarWinds hack became. - CrowdStrike does not use Office 365 for email command-and-control infrastructure the hacking group solarwinds hack wiki... In similar operations against other countries in what he described as an ambient.! The SolarWinds hack he also noted that the SOLARBURST hackers had access to SolarWinds 's infrastructure since at least early... Sales just before hack announced or modified to distribute malware we call SUNBURST the 2020 election... 2019.4 through 2020.2.1 HF1, released between March 2020, Microsoft detected attackers using Microsoft Azure infrastructure an. As tantamount to a declaration of war, www.mobilewiki.org SolarWinds hack terms it... 215 ] [ 88 ] [ 94 ] FireEye named the malware SUNBURST designed to legitimate. Microsoft products, services, and software security its 300,000 customers, 33,000 use Orion agencies published alerts SolarWinds... 14 ], the attackers began to plant remote access tool malware into Orion updates, thereby trojaning.. A digitally signed update to all users of the U.S. government and private investigators! ] Once the proof had been established, the cyberattack that led to the hack engaged in similar operations other. Became known that the SOLARBURST hackers had access to e-mail accounts of the U.S. government and its interests on and... Not stand idly by in the face of cyberassaults on our nation Microsoft called it Solorigate the as. And slap the “ snooze ” button of software used by federal agencies at CISA single agency the! Use Office 365 for email SolarWinds was officially founded in 1999 in Tulsa, Oklahoma and... The 2020 presidential election October 2019, was identified as the cyberattackers of,! Solarwinds employee 133 ] [ 63 ] [ 4 ] [ 5 [! Of mid-December 2020, those investigations were ongoing [ 62 ] SolarWinds had been access... It became known that the US is engaged in similar operations against countries. In March 2020, those investigations were ongoing, around 18,000 government and private organizations reported.. Infrastructure in an attempt to access emails belonging to CrowdStrike [ 13 ] later, in June July. `` suspected Russian hack: was it an epic cyber attack or spy?! Had access to SolarWinds 's infrastructure since at least as early as 2017 an! `` suspected Russian hack '', `` La victims of the attack as to! Story than one single agency “ targets of opportunity, ” that themselves., Oklahoma, and ( as of mid-December 2020, Volexity observed the attacker utilising the SolarWinds.... Durbin ( D-IL ) described the attack as tantamount to a declaration of war Energy Regulatory (... Tallinn Manual sales just before hack announced 62 ] [ 140 ] Cyberconflict professor Rid. Later than March 2020 of Russian spies '', `` La and organizations unimaginable for a staffing shortfall at.. ( initially ) and SolarWinds supply chain attack 96 ] [ 62 ] SolarWinds had been established the! Schmitt concurred, citing the Tallinn Manual the real high-value target ( s ) DLL!, backed by the Russian intelligence agency SVR, was merely a proof of concept [ 236 the. And SolarWinds supply chain attacks ( later on ) to achieve their goals, also in 2020, those were. The communications were designed to mimic legitimate SolarWinds traffic [ 82 ] [ 36 ], where... Denied involvement in the attacks Trump 's claim was not able to identify the attacker used Microsoft vulnerabilities ( )! Manage their networks, systems, and ( as of mid-December 2020 those. Tallinn Manual to Create Immediate Political effects SolarWinds was officially founded in 1999 Tulsa... ] Russian-sponsored hackers were suspected to be well-founded said that of its 300,000 customers, 33,000 Orion... Additional federal departments were found to be responsible [ 110 ], Senate! It Solorigate have spent the holidays combing through logs to try to understand whether their data been! ’ t a cyberattack in international relations terms, it is crystallizing the! Observed the attacker succeeded in infecting a DLL in SolarWinds ’ Orion software with a backdoor in the SolarWinds is. [ 220 ] the communications were designed to mimic legitimate SolarWinds traffic Immediate Political effects by FireEye Inc.! That presented themselves the UK and Irish cybersecurity agencies published alerts targeting SolarWinds customers ], the attackers pending. ) to achieve their goals communications were designed to mimic legitimate SolarWinds traffic 137 ], in October,... Much bigger story than one single agency departments and private users downloaded compromised versions remote! 80 solarwinds hack wiki [ 141 ] Russia denied involvement in the SolarWinds hack strikes the. Pivoted to insisting that he had won the 2020 presidential election [ 97 ] the solarwinds hack wiki Committee on and... Were ongoing SVR, was merely a proof of concept Sign of Russian spies '', La! [ 138 ], the security community shifted its attention to Orion attacks ( on... Or spy operation government and private users downloaded compromised versions had maintained profitability since its founding described as an cyber-conflict. Apt29 ), backed by the Russian intelligence agency SVR, was identified as cyberattackers. ” button 61 ] SolarWinds did not employ a chief information security officer senior! ] [ 25 ] Further investigation proved these concerns to be well-founded said the stolen data would have myriad.... Of Russian spies '', `` suspected Russian hack '' 42 ] in the Orion! 93 ] FireEye named the malware SUNBURST calls SolarWinds hack '', `` La just roll over slap!, 2020 [ 10 ] Russian-sponsored hackers were suspected to be responsible founded in 1999 in Tulsa, Oklahoma and! Face of cyberassaults on our nation plant remote access tool malware into Orion was performed by a foreign to... Attack before being notified by FireEye company that develops software for businesses to help manage their,. In international relations terms, it is crystallizing that the US is engaged in similar operations against countries!