The major cyber attack on the US government’s computer networks was discovered when cybersecurity company FireEye started investigating a hacking attack on its own network.
FireEye found a problem with the software of supplier SolarWinds, of which the American government is also a customer. Russian hackers are said to be behind the attack, but Russia has denied any involvement in the computer hacking.
When FireEye was hacked earlier this month, investigators at the company immediately looked for vulnerabilities in its security.
“We looked at 50,000 lines of source code, and then we determined there was a back door at SolarWinds,” said Charles Carmakal, director of FireEye’s incident response business. FireEye then notified authorities and SolarWinds, Carmakal said.
Hackers, believed to be part of a Russian elite group, exploited the vulnerability to install malware, which then entered SolarWinds customers’ systems when they updated their software.
Insiders say more than 25 entities have been affected by the attack, but SolarWinds says that 18,000 entities could have downloaded the malicious software.
According to Carmakal, the hackers managed to penetrate “targets of high value, both governments and commercial entities.”