Tuesday 12 January 2021

How did the hackers manage to compromise so many groups?

 The heart of the issue here is that for big organizations, like government agencies or corporations, their computer networks are incredibly complex. And they oftentimes turn to software to try to manage these computer networks: understand how the traffic flows, what devices are on their network, how things are configured. SolarWinds is an example of this kind of software that seems to be quite widely used throughout the government and industry. But because it’s used to manage these networks, it has a position of privilege where it can see a lot of what goes on. If you compromise SolarWinds, it then becomes possible to compromise the broader computer network.

That’s right. We’re still learning more, but what it seems occurred is that hackers somehow gained the ability to manipulate the code of SolarWinds itself; essentially they put a backdoor into SolarWinds that let them carry out malicious activity. And the customers of SolarWinds downloaded this software update to their systems, not realizing it was in part malicious, at some point [after] March—and once they did this, they essentially gave the hackers an entry point into their network. From there the hackers began doing things like harvesting passwords and other credentials to try to get further access to each of these networks that they [had] compromised with the initial toehold given to them by compromising SolarWinds.

