It’s going to take months to kick elite hackers widely believed to be Russian out of the US government networks they have been quietly rifling through since as far back as March, in Washington’s worst cyberespionage failure on record.
Experts say there simply are not enough skilled threat-hunting teams to duly identify all the government and private-sector systems that may have been hacked. FireEye, the cybersecurity company that discovered the intrusion into US agencies and was among the victims, has already tallied dozens of casualties. It’s racing to identify more.
I’ve been listening to podcasts on this. The size of the hack is unprecedented. Up to 18,000 companies infected.
What the SVR did was first hack SolarWinds, who produce the Orion software. They then spent months putting a back door into Orion. Then SolarWinds shipped an update, and all their clients had a back door which allowed the SVR to take over computers on their networks.
They have had months to gather information and also to insert further malware and backdoors. Many experts say those infected may have to throw out their networks and rebuild them from scratch.
Infected organisations include many federal agencies. Experts have said this is the most audacious and successful hack in history, and arguably the most successful foreign intelligence gathering job of all time.