It is currently being investigated whether the SolarWinds hack could have been carried out via the TeamCity software of the Eastern European company JetBrains. In addition, it became known that the SUNBURST hackers had access to e-mail accounts of the U.S. Department of Justice. And the Capitol’s IT staff faces the problem of cyber security after a mob raided this building.
Suspected state-sponsored attackers managed to plant a backdoor, known as SUNBURST, in a DLL of SolarWinds’ Orion monitoring software. The trojanized DLL was then distributed as a digitally signed update to users of SolarWinds Orion software worldwide. The attackers were thus able to access the victims’ systems unnoticed for many months and establish a foothold there.
Since the SolarWinds Orion products are used by many customers, the number of victims is enormous (potentially 18,000 are said to be affected). In the U.S., according to previous analyses, about 200 U.S. authorities and companies (from Intel to Cisco to Microsoft) are assumed to have been targeted victims of this hacking campaign. The SolarWinds hack has hit the USA and its administration particularly hard. There is now a joint statement from the FBI, CISA, ODNI and NSA blaming Russia for the attack.
Email accounts hacked at U.S. Justice Department
U.S. media such as CNBC report that the attackers who penetrated government networks via SolarWinds software may have had access to about 3% of Justice Department email accounts as part of the SUNBURST hack. According to the Department, there is no indication that the hackers accessed classified systems.
JetBrains software as a gateway for the hack?
JetBrains is a multinational software company headquartered in Prague with offices in St. Petersburg, Novosibirsk, Moscow, Boston and Munich. JetBrains was founded in Prague in 2000 by the Russians Sergey Dmitriev, Eugene Belyaev and Valentin Kipiatkov. One of JetBrains’ products is the TeamCity software (tagline: Powerful continuous integration for DevOps-centric teams), which is used by many software developers. SolarWinds was also among JetBrains’ customers.
In separate articles, the Wall Street Journal, Reuters and the New York Times report that U.S. services are investigating whether the manipulation of the Orion source code that enabled the hack in the first place could have come via the Czech company JetBrains. If their tool was hacked, this could have had an impact on SolarWinds.
The head of JetBrains, Maxim Shafirov, announced in a statement that they had not been involved in the hack in any way and were not yet aware of any investigations by security services or authorities in this regard. Shafirov confirmed that SolarWinds is a customer and uses the TeamCity software. So far, SolarWinds has not made any contact regarding the hack. If TeamCity was used for the hack, it could have been due to a misconfiguration of the complex tool and not necessarily a security vulnerability.
IT security affected after Capitol raid
The mob’s raid on the US Capitol has potentially serious consequences for the IT security of that parliament. During the raid, many IT systems in the Capitol were left unattended, and the mob was able to access these computers. US media such as Wired report that fundamental questions of IT security now need to be addressed. The intruders could have bugged congressional offices, siphoned data from unlocked computers or installed malware on exposed devices. In the rush to evacuate the Capitol, some computers were not locked and remained accessible when the rioters arrived. Some devices were also stolen: Sen. Jeff Merkley of Oregon said in a video late Wednesday that intruders took one of his office’s laptops from a conference table. That is where a bigger security challenge begins for those in charge.
FireEye hacked, Red Team tools stolen
US Treasury and US NTIA hacked
SolarWinds products with SunBurst backdoor, cause of FireEye and US government hacks?
Sloppiness at SolarWinds responsible for compromised software?
News in the fight against SUNBURST infection, domain seized
SUNBURST malware: Analytic Tool SolarFlare, a ‘Kill Switch’ and EINSTEIN’s fail
SUNBURST malware was injected into SolarWind’s source code base
SUNBURST: US nuclear weapons agency also hacked, new findings
SolarWinds hack: Microsoft and others also affected?
SUNBURST hack: Microsoft’s analysis and news
2nd backdoor found on infected SolarWinds systems
SolarWinds hackers had access to Microsoft source code
SolarWinds hack: Hacker goals; outsourcing are under investigation?