By Chathushka Perera
New York, USA (CWBN)_ The determined and sophisticated cyber-attacks being carried out by a “nation-state”, against the United States government and several of its institutions, including security firms such as FireEye, are “broad and successful espionage-based assault on both the confidential information”, Microsoft’s President, Bradd Smith, claimed in a statement.
“We are witnessing an attack by a nation with top-tier offensive capabilities.” FireEye CEO Kevin Mandia stated upon disclosing the attack.
It is presumed that the attacks are Russian in origin. Microsoft together with cyber-security teams from both the private and public sector have been cooperating to deter the attack, and are carrying out investigations in this regard.
Smith stated that “attackers used a technique that has put at risk the technology supply chain for the broader economy”.
The hackers initiated the breach by inserting a malware (computer code developed by hackers) into Orion, a network management software developed by SolarWinds. The company reported, the attackers installed their malware into an upgrade of the company’s Orion product that may have been installed by more than 17,000 customers.
“The attack created a supply chain vulnerability of nearly global importance, reaching many major national capitals outside Russia. This also illustrates the heightened level of vulnerability in the United States.” the statement said.
Roughly 80 percent of victims to the attack are based in the US, while other affected states include Canada, Mexico, Belgium, Spain, UK, Israel, United Arab Emirates. The number of victims is expected to grow over the coming weeks.
However, Smith maintained that it “is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency.”
He also added that “It requires that we look with clear eyes at the growing threats we face and commit to more effective and collaborative leadership by the government and the tech sector in the United States to spearhead a strong and coordinated global cyber-security response.”
