A vast trove of US government emails has been targeted in a hack thought to have been carried out by Russia, American officials revealed on Monday.
The stunningly large and sophisticated operation reportedly targeted federal government networks and marks the biggest cyber-raid against US officials in years. The treasury and commerce departments were both affected and others may have been breached.
Hackers gained entry into networks by getting more than 18,000 private and government users to download a tainted software update. Once inside, they were able to monitor internal emails at some of the top agencies in the US.
Here’s what you need to know, and what comes next.
The hack began as early as March, when malicious code was sneaked into updates to popular software called Orion, made by the company SolarWinds, which monitors the computer networks of businesses and governments for outages.
That malware gave elite hackers remote access to an organization’s networks so they could steal information.
Doing so may not have been difficult. Vinoth Kumar, a security researcher, told Reuters that, last year, he alerted the company that anyone could access SolarWinds’ update server by using the password “solarwinds123”.
The breach was not discovered until the prominent cybersecurity company FireEye, which itself uses SolarWinds, determined it had experienced a breach by way of the software. FireEye has not publicly blamed its own breach on the SolarWinds hack, but it reportedly confirmed that was the case to the tech site Krebs on Security on Tuesday.
The apparent months-long timeline gave the hackers ample time to extract information from many targets. Government officials have not yet stated which agencies were affected, but the Centers for Disease Control and Prevention, the state department, and the justice department all use the software in question.