SUPERNOVA: Sunburst Hit Hard by Cyberattack

If it’s a hacker that’s broken into a database, it probably was a Russian hacker, and one company experienced a Soviet cyber attack the hard way. SolarWinds is a tech company that was the victim of a cyber attack performed by unknown Russian hackers. The infiltrating code was named SUNBURST and SUPERNOVA. Someone at the Cybersecurity and Infrastructure Security Agency (CISA) has a fun time at their job. My best guess is that the names come from how fast it spread; it covered a lot of ground very quickly.

This code was uploaded to SolarWinds’ servers without the company knowing and gave hackers the ability to “impersonate any of the organization’s existing users and accounts, including highly privileged accounts.” One of the largest companies they targeted was Microsoft. Hackers were in the system for weeks without anyone knowing. With such a scare and loss of public trust, Microsoft immediately remedied the issue and made public statements regarding the attack. They stated that the hackers “were able to view source code in a number of source repositories… no evidence of access to production services or customer data… no indications that our systems were used to attack others.” Basically, all the hackers could do was view fundamental code; they could not change anything or access any crucial files, and they were prevented from spreading their code through Microsoft’s networks.

This is good news for everyone who uses Microsoft products, aka the majority of the tech world. It may not be good for the approximately 250 other federal agencies and businesses that were also hit. Microsoft was but one chip in the bag they were munching on.

In addition, Microsoft has recently found out that the reason the attack went undetected for so long was the attackers’ meticulous care in spreading their code and malware. Each of the hackers’ uploaded files was given a different file name on each computer so as not to create any trails or patterns. ZDNet stated, “Microsoft said it found the attackers put in ‘painstaking planning of every detail to avoid discovery’… Each Cobalt Strike DLL implant was prepared to be unique per machine and avoided at any cost overlap and reuse.” The proof is in the details. Granted, we don’t expect anyone to fish through all the little folders and files within a system or computer, but some alarm should’ve gone off sooner.

There have been statements from federal committees explaining that the severity of the attacks is not as bad as it seems because of the restricted access the attackers had to networks and files. SolarWinds has released statements on which of its products and services were targeted and which are safe, followed by patch updates to prevent the same thing from happening again. Government agencies such as CISA, the Computer Emergency Readiness Team (CERT), and parts of the Department of Homeland Security (DHS) have issued guidance for those affected.
