US govt taskforce to tackle SolarWinds Orion hack


By Dylan Bushell-Embling
Monday, 11 January, 2021

US govt taskforce to tackle SolarWinds Orion hack

The US National Security Council has convened a taskforce to investigate a cyber attack by an alleged Russian state-sponsored attacker affecting government customers of SolarWinds’ Orion IT infrastructure monitoring and management platform.

Preliminary intelligence indicates that the culprit is an advanced persistent threat actor likely of Russian origin, according to the Cybersecurity & Infrastructure Security Agency (CISA).

The attacker is believed to be responsible for most or all of the breaches into both government and non-government networks running SolarWinds Orion.

The taskforce, known as the Cyber Unified Coordination Group (UCG), will coordinate the investigation of the cyber attack. It will consist of members from the FBI, CISA and the Office of the Director of National Intelligence (ODNI), with support from the National Security Agency.

According to the taskforce, around 18,000 public and private sector customers of the platform are believed to have been affected by the compromise, but only a small subset are thought to have been compromised by follow-on activity on their systems.

The FBI’s investigation will focus on identifying victims, collecting and analysing evidence and sharing results with government and private sector partners.

CISA will focus on sharing information about the investigation, and has created a free tool for detecting unusual and potentially malicious activity related to the attack. ODNI will provide situational awareness for key stakeholders and coordinate intelligence collection activities to address knowledge gaps.

“This is a serious compromise that will require a sustained and dedicated effort to remediate. Since its initial discovery, the UCG, including hardworking professionals across the United States Government, as well as our private sector partners have been working non-stop. These efforts did not let up through the holidays,” CISA said in a statement.

“The UCG remains focused on ensuring that victims are identified and able to remediate their systems, and that evidence is preserved and collected. Additional information, including indicators of compromise, will be made public as they become available.”

Image credit: ©stock.adobe.com/au/James Thew

Related Articles

The AI regulation debate in Australia: navigating risks and rewards

To remain competitive in the world economy, Australia needs to find a way to safely use AI systems.

Strategies for navigating Java vulnerabilities

Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...

Not all cyber risk is created equal

The key to mitigating cyber exposure lies in preventing breaches before they happen.

Content from other channels on our network

Enhancing broadcast reliability with remote telemetry systems

Brilliant made simple — fibre and network solutions

Keller pressure sensors from Bestech Australia

Powertec's next-gen comms trailer walkaround

Have your say: proposed reforms to improve infrastructure rollout

Mt Piper BESS approved for development

Sunshine Coast to play key role in connecting Australia

WA trials long-duration storage for remote communities

Powering data centres in the age of AI

Bringing geospatial tools to infrastructure planning

Electron microscopy reveals colours of outermost electron layer

Theory reveals the shape of a single photon

Wearable generator powers electronics by body movements

Ion speed record holds potential for faster battery charging

New haptic patch transmits complexity of touch to the skin

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd