Another hacking group was involved in a cyberattack that targeted SolarWinds software, which was used by a number of federal government agencies, said Microsoft in an update.
“This code provides an attacker the ability to send and execute any arbitrary C# program on the victim’s device. Microsoft Defender Antivirus detects this compromised DLL as Trojan:MSIL/Solorigate.G!dha,” said the company.
SolarWinds, a third-party vendor, said that its systems were compromised after hackers breached the firm’s Orion updates and distributed malware. The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) said the attack was more significant than they previously thought.
“One of the initial access vectors for this activity is a supply chain compromise of the following SolarWinds Orion products. CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” CISA said in a statement on Dec. 17.
The Office of the Director of National Intelligence, CISA, and other intelligence agencies said the attack is “ongoing,” adding that the “compromise has affected networks within the federal government.”
Chris Krebs, the former director of CISA, told CNN that the attack occurred while he was head of the agency.
Technology giant Cisco Systems Inc., Intel Corp., Nvidia Corp., VMware Inc., Belkin International Inc., Kent State University, and many more used the software, the report found.
“At this time, there is no known impact to Cisco offers or products,” a company spokesman for Cisco told the paper, adding that it found the malware on some employee systems. The other companies confirmed to WSJ that they were aware of the malware.
A Kent State University spokeswoman added that the university “was aware of the situation and are evaluating this serious matter.”