Efforts to assess the impact of a more than seven-month-old cyber espionage campaign blamed on Russia – and to expel the intruders – remain in their early stages, says the cybersecurity firm that uncovered the attack.
The hack has severely shaken the US government and private sector. The company, FireEye, released a tool and white paper on Tuesday to help potential victims sift through their cloud-based installations of Microsoft 365 – where users’ emails, documents and collaboration tools reside – to determine whether the hackers have broken in and remain active.
The goal is not just to find and hunt hackers, but to keep them from being able to re-enter, said Matthew McWhirt, team leader of the effort.
“There are many specific things you need to do – we have learned from our investigation – to really eradicate the attacker,” he said.
Since FireEye revealed its discovery in mid-December, infections have been found at federal agencies including the departments of commerce, treasury, justice and federal courts. Also compromised, said Charles Carmakal, FireEye technical director, were dozens of private sector targets with a high concentration in the software industry and Washington DC policy-oriented think tanks.
Intruders have been stealthily gathering information for months, carefully choosing targets from the approximately 18,000 customers infected with malicious code, which the intruders activated after hiding it in a network management software update first released last March by Texas-based SolarWinds.
“We keep getting to know the new victims almost every day. I still think we’re still in the early stages of really understanding the scale of the threat actor’s business,” Carmakal said.
The public has not heard much about who exactly was compromised because many victims still cannot understand what the attackers did and therefore “may not feel they have an obligation to report”.
(This story has not been edited by Devdiscourse staff and is automatically generated from a syndicated feed.)