Hackers who exploited an update to the ubiquitous SolarWinds Orion network management software accessed several U.S. government agencies, including the departments of Defense, State, Homeland Security, Energy, Treasury, and Commerce.
The victims are among as many as 18,000 SolarWinds customers around the globe who installed the malicious update. The hack was first reported by cybersecurity firm FireEye, itself a SolarWinds customer.
Believed to be the biggest hack ever uncovered, it has prompted the U.S. government to assemble a multi-department task force to respond to the threat.
Mnuchin told CNBC in the interview that addressing cyber threats “has been a big focus of the administration and within Treasury, we have a large group that is focused for cyber,” adding, “we have much needed resources in working in protecting the financial industry.”
The hackers also gained backdoor access by means other than the SolarWinds software.
“CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” CISA said in a statement.
SolarWinds, which serves the vast majority of Fortune 500 companies and major U.S. government agencies, is facing increased scrutiny after disclosing that it had been the subject of the hack.
A security researcher warned SolarWinds last year that its software update server could be accessed using the password “solarwinds123.”
“This could have been done by any attacker, easily,” Vinoth Kumar, the security researcher, said about discovering the extremely weak password.
The company said in a Securities and Exchange Commission filing last week that it believes up to 18,000 customers installed updates of its Orion network management software, which experts say opened them up to an attack centered on malware known as SUNBURST.
“There has been significant media coverage of attacks on U.S. government agencies and other companies, with many of those reports attributing those attacks to a vulnerability in the Orion products. SolarWinds is still investigating whether, and to what extent, a vulnerability in the Orion products was successfully exploited in any of the reported attacks,” SolarWinds said in the filing.
SolarWinds serves over 300,000 customers around the world.