British cyber spies are urgently investigating a major suspected Russian hack that has caused chaos in the United States, amid fears that UK government departments, police forces, and private companies could be affected. The attack, described as the biggest breach in American history, targeted networks used by the Pentagon, FBI, Treasury, State Department, and nuclear security agencies.
The UK's National Cyber Security Centre (NCSC) said it was investigating the incident, in which attackers planted malicious code in a software update from US tech firm SolarWinds. Publicly available documents show that the affected product, called Orion, has been used by the Home Office. Other SolarWinds clients include the NHS, the Ministry of Defence, the Cabinet Office, the Ministry of Justice, GCHQ, the Civil Aviation Authority, and police forces. It is not clear if any of these bodies installed the compromised Orion update or have been affected.
Microsoft has also been hit, and it identified 40 clients that had been exposed, including some in the UK. Reports suggest most of America's 500 largest companies have been targeted, but the impact on Britain's private sector is not yet clear. However, the number of British companies affected is likely to be small, and there is a low chance of customer data breaches.
The US Cybersecurity and Infrastructure Security Agency (CISA) released an alert detailing the breach. Hackers compromised the supply chain of SolarWinds Orion network management software, beginning in March 2020. They used software updates to install a secret network backdoor, called SUNBURST, which was signed with a legitimate SolarWinds code signing certificate. An estimated 18,000 customers downloaded the compromised updates.
Once installed, the malware mimicked legitimate SolarWinds traffic to communicate with a command-and-control domain. The attackers used rotating IP addresses and virtual private servers to evade detection. CISA described the adversary as 'skilled, stealthy with operational security, and willing to expend significant resources to maintain covert presence.' The attack went undetected for nearly nine months, giving the hackers free rein in affected networks.
US officials have vowed a tough response. Senator Dick Durbin called it 'a virtual invasion by the Russians,' while President-elect Joe Biden said he would 'impose substantial costs on those responsible.' The White House has not yet commented. The attack creates a fresh foreign policy problem for President Donald Trump in his final days in office.



