2020 United States federal government data breach
The 2020 United States federal government data breach was a large-scale cyberattack carried out in 2020 by a group backed by a foreign government.[1][27][28] At least 200 government bodies, organizations and companies worldwide were affected, including U.S. government departments at every level, NATO, the UK government, the European Parliament and Microsoft, and the data of some of these organizations may also have been exfiltrated.[29][30] Because the intrusion and data breach lasted so long and its targets were so prominent and sensitive, several media outlets ranked it among the worst cybersecurity incidents the United States has ever suffered.
| Field | Value |
|---|---|
| Duration | At least 8 months[11] or 9 months |
| Location | United States, United Kingdom, Spain, Israel, United Arab Emirates, Canada, Mexico and others[12] |
| Type | Cyberattack, data breach |
| Themes | Malware, software backdoor, advanced persistent threat, espionage |
The attack had been under way for months before it was first publicly reported on December 13, 2020; the initial reports named only the U.S. Treasury Department and the National Telecommunications and Information Administration (NTIA), part of the Commerce Department, as affected organizations. Further organizations subsequently found that their data had been compromised.[24][25][1][5][29]
The attack began no later than March 2020,[31][10] and during it the attackers exploited software or credentials from at least three companies: Microsoft, SolarWinds and VMware.[32][20] Through a supply-chain attack on Microsoft cloud services, the attackers gained the ability to break into customers of those services.[15][16][17] SolarWinds, itself a Microsoft cloud customer, was compromised; its software distribution infrastructure, which had serious security weaknesses, was then taken over, and a backdoor was planted in its Orion software, which is widely used across the U.S. government and industry. Using the backdoor in Orion, the intruders stole large amounts of confidential information.[33] In addition, flaws in Microsoft and VMware products allowed the attackers to gain unauthorized access to e-mail and other documents, or to complete federated authentication through single sign-on.[22][23][13][14][34][35]
Beyond the data theft, the attack caused enormous disruption for the tens of thousands of SolarWinds customers: as a precaution they had to take systems offline, check whether their organizations had been compromised, and begin a months-long decontamination effort.[36][37] U.S. Senator Dick Durbin called the attack "virtually a declaration of war".[38][4] After the attack was discovered, then U.S. President Donald Trump stayed silent for several days before tweeting that "the Fake News Media is always quick to blame Russia for cyberattacks but dares not discuss the possibility that it may be China". Media read this as Trump hinting that China, rather than Russia, was the suspect, and he said that "everything is well under control".[39][40] In February 2021 Reuters reported that, according to five people familiar with the matter, FBI investigators had found that hackers from China had used a SolarWinds software vulnerability to break into U.S. government computers, and that the computer systems and intrusion tools the hackers used were the same as those deployed by state-backed Chinese cyber-espionage actors.[41]
Background
The incident spanned eight to nine months during the final year of Donald Trump's presidency. Because Trump had eliminated the post of cybersecurity coordinator in 2018, the White House had no relevant specialist in place when the attack occurred.[42][43] When the attack came to light on December 13, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the agency responsible for coordinating the response to incidents of this kind, also lacked a Senate-confirmed director:[44] on November 18, 2020, Trump had fired Chris Krebs, the top official of this national cybersecurity agency.[45][46][47] At the same time, CISA's parent agency, the Department of Homeland Security (DHS), lacked a Senate-confirmed secretary, deputy secretary, general counsel, under secretary for intelligence and analysis, and under secretary for management, and Trump was still pressing CISA's deputy director to step down.[48][49][50] Many federal cybersecurity recommendations from the Government Accountability Office and other bodies had also gone unimplemented.[51]
SolarWinds, a Texas-based contractor providing network-monitoring services to the U.S. government, had already seen security flaws exposed in its products before the attack.[52] The company had no chief information security officer or senior cybersecurity executive in its organization.[4][53] As early as 2017, criminals were offering paid access to SolarWinds infrastructure. SolarWinds even advised customers to disable antivirus software before installing its products. In November 2019 a security researcher warned SolarWinds that its FTP server was configured such that "any hacker could upload malicious content and have it distributed to SolarWinds customers".[54][55][56] Because SolarWinds' Microsoft Office 365 account had been compromised, the hackers could read its e-mail and may have had access to some documents as well.[57][58]
On December 7, 2020, a few days before SolarWinds products were publicly confirmed as the vehicle for a large-scale cyberattack, SolarWinds chief executive Kevin Thompson retired.[59][60] The same day, two private-equity firms with ties to the company's board sold large blocks of its stock. When asked, the firms denied insider trading.[61]
Attack methods
Microsoft exploits
The attackers exploited flaws in Microsoft products, services and software distribution infrastructure.[22][14][9][17]
At least one Microsoft cloud-services reseller was compromised by the attackers. This constituted a supply-chain attack, giving the attackers access to the cloud services used by the compromised reseller's customers.[15][16][17]
In addition, the "Zerologon" vulnerability, a flaw in Microsoft's Netlogon authentication protocol, let the attackers obtain all user names and passwords on a compromised Microsoft network.[22][23] With these they could harvest further credentials, assume the privileges of other legitimate users on the network, and break into mailboxes in Microsoft Office 365.
A flaw in Microsoft's Outlook Web App may also have allowed the attackers to bypass multi-factor authentication.[13][14][64]
The attackers compromised Microsoft Office 365 and, over a period of months, monitored the internal e-mail of staff at the NTIA and the Treasury Department.[9][45] Their attack evidently used some kind of forged identity token to bypass Microsoft's authentication system.[65][66] The presence of single sign-on increased the attack's feasibility.[35]
SolarWinds exploits
The attackers also mounted a supply-chain attack against SolarWinds.[67] They may have taken control of the company's software build system by way of SolarWinds' already-compromised Office 365 account.[68][52][57][58]
By September 2019 the attackers already controlled SolarWinds' software release infrastructure.[69][70] Within the build system, they modified the software updates that SolarWinds delivered to users of its Orion network-monitoring software.[71][72] The first known illegitimate modification, a proof of concept (PoC) by the attackers, occurred in October 2019, meaning they had by then gained control over the whole infrastructure network.
In March 2020 the attackers began planting a remote-access tool in Orion updates to attack their targets.[33][73][74][75][9][76] When a user installed the update, the malware was installed on the victim's system along with it. After lying dormant for 12 to 14 days, the program began attempting to connect to and join the attackers' botnet.[77][78][79][80] Once it had joined, the attackers had a backdoor giving them control of the system.[81] The attackers cleverly disguised the malware's traffic as legitimate SolarWinds traffic to hide their intent.[68][82] According to statistics from a CDN provider, traffic to the attackers' botnet in the first few weeks came mainly from North America, later expanding to South America, Europe and Asia.[83]
The attackers appear to have used the backdoor only on high-value target systems.[77] Once inside a target network, they installed tools such as Cobalt Strike to escalate privileges.[84][82][68][1] Because Orion connects to customers' Office 365 accounts as a trusted third-party application, the attackers could gain access to e-mail and other confidential documents.[85] That access let them search the system for valid SAML certificates and use them to impersonate legitimate users, use other on-premises or online services, and encrypt and exfiltrate data of interest.[86] Once a legitimate identity had been stolen, shutting down Orion no longer cut off the attackers' access to the target.[5][87][88][67]
The attackers' botnet controllers were hosted on commercial cloud services of U.S. companies including Amazon, Microsoft and GoDaddy.[89] Because the malware was newly developed and the attack traffic originated inside the United States, the attackers evaded Einstein, DHS's national cybersecurity system.[79][4][90]
FBI investigators also found that another group of hackers exploited other vulnerabilities in SolarWinds products to break into U.S. government computer systems.[91]
VMware exploits
The attackers also exploited vulnerabilities in VMware Access and VMware Identity Manager, which helped the intruders maintain persistence.[20][21] As of December 18, 2020, although the SUNBURST trojan was known to be sufficient to let intruders exploit the VMware vulnerabilities, it remained unclear whether the attackers had actually done so.
Discovery
Microsoft vulnerabilities
During 2019 and 2020, the cybersecurity firm Volexity found that an unnamed think tank's Microsoft products had a vulnerability that intruders were exploiting.[92][93][13] The attackers used a novel technique, exploiting a flaw in the organization's Exchange Control Panel to bypass multi-factor authentication. In June and July 2020, Volexity observed that SolarWinds Orion had been trojanized; that is, the Microsoft vulnerability (the entry point) and the SolarWinds supply-chain attack (the route to targets) could be combined by intruders to achieve their goals. Volexity said it could not confirm the attackers' identity.
Also in 2020, Microsoft detected attackers attempting to use Microsoft Azure infrastructure to gain unauthorized access to CrowdStrike's e-mail. The attempt failed because CrowdStrike, for security reasons, does not use Office 365 for e-mail.[94]
Separately, around October 2020, the Microsoft Threat Intelligence Center reported that an attacker apparently backed by a foreign state was exploiting the "Zerologon" vulnerability in Microsoft's Netlogon protocol.[22][23] On October 22, 2020, CISA received the report and warned state, local and county governments to look for signs of intrusion in their networks, instructing them to rebuild their networks if compromised.[95] In December 2020, VirusTotal and The Intercept each found signs that the city government of Austin, Texas, had been breached.
SolarWinds exploits
On December 8, 2020, the cybersecurity firm FireEye disclosed that its red-team tools had been stolen by a hacker group backed by a foreign government, with Russia's Foreign Intelligence Service (SVR) the suspected culprit.[96][97][98][26][99] FireEye said that while investigating its own breach and the theft of its tools, it stumbled upon the SolarWinds supply-chain attack.[100][101]
After discovering the intrusion, FireEye reported it to the National Security Agency (NSA), which is responsible for U.S. cybersecurity defense.[1] Before receiving FireEye's report, the NSA, itself a SolarWinds customer, had been entirely unaware of the intrusion.
A few days later, on December 13, the breaches of the Treasury and Commerce departments were made public, and sources said they were related to the breach of FireEye's systems.[9][26] On December 15, FireEye confirmed that the vector used against the Treasury and other departments, as against FireEye itself, was a trojan implanted in SolarWinds Orion software updates.[54][102]
Attention in the security community then turned to the Orion software updates. The infected versions were found to be 2019.4 through 2020.2.1 HF1, released between March and June 2020.[73][84] FireEye named the malware SUNBURST;[18][19] Microsoft calls it Solorigate.[52] The tool the attackers used to insert SUNBURST into the Orion updates was later isolated by the cybersecurity firm CrowdStrike, which named it SUNSPOT.[69][103][72]
DomainTools and ReversingLabs carried out follow-up analyses using DNS data and reverse engineering of the Orion binaries, respectively, revealing further details of the attack to the public.
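The version range above is the most immediately actionable fact for a defender: every Orion install has to be checked against it, and the install date matters because an affected build that has been present longer than SUNBURST's 12-to-14-day dormancy window must be assumed to have already beaconed. The triage script below is an added example written for this article, not code from SolarWinds, FireEye or CISA; the host names, versions and install dates in its inventory are constructed, and the hotfix-aware version parser is an assumption about how Orion version strings are written.

```python
import re
from datetime import date

# Affected Orion release range as stated on the page: 2019.4 through
# 2020.2.1 HF1. Versions are compared as (year, minor, patch, hotfix) tuples.
AFFECTED_MIN = (2019, 4, 0, 0)
AFFECTED_MAX = (2020, 2, 1, 1)

# Assumed shape of Orion version strings: "2019.4", "2019.4 HF5", "2020.2.1 HF1".
_VERSION_RE = re.compile(r"^(\d{4})\.(\d+)(?:\.(\d+))?(?:\s*HF(\d+))?$", re.IGNORECASE)

# SUNBURST waited 12 to 14 days before its first beacon (per the page).
DORMANCY_DAYS = 14


def parse_orion_version(text):
    """Parse an Orion version string into a comparable (year, minor, patch, hotfix) tuple."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Orion version: {text!r}")
    year, minor, patch, hotfix = match.groups()
    return (int(year), int(minor), int(patch or 0), int(hotfix or 0))


def is_affected_version(text):
    """True if the version lies inside the range that shipped the SUNBURST backdoor."""
    return AFFECTED_MIN <= parse_orion_version(text) <= AFFECTED_MAX


# Constructed sample inventory: hypothetical hosts, not data from the page.
SAMPLE_INVENTORY = [
    {"host": "orion-prod-01", "version": "2020.2.1 HF1", "installed": date(2020, 6, 20)},
    {"host": "orion-prod-02", "version": "2019.4 HF5", "installed": date(2020, 4, 2)},
    {"host": "orion-lab-01", "version": "2020.2.1 HF2", "installed": date(2020, 12, 16)},
    {"host": "orion-legacy", "version": "2019.2", "installed": date(2019, 8, 1)},
]


def triage_inventory(inventory, reference_date):
    """Return the hosts running an affected build, sorted by host name.

    Each finding records how long the build has been installed and whether that
    exceeds the dormancy window, i.e. whether the implant would already have
    tried to reach its command infrastructure."""
    findings = []
    for item in inventory:
        if not is_affected_version(item["version"]):
            continue
        days = (reference_date - item["installed"]).days
        findings.append({
            "host": item["host"],
            "version": item["version"],
            "days_installed": days,
            "past_dormancy_window": days >= DORMANCY_DAYS,
        })
    return sorted(findings, key=lambda f: f["host"])


if __name__ == "__main__":
    # Reference date: the day the attack became public.
    for finding in triage_inventory(SAMPLE_INVENTORY, date(2020, 12, 13)):
        print(finding)
```

Anything the script lists should be handled the way the emergency directive described later on this page requires: isolate the host, treat every credential it held as compromised, and preserve rather than wipe its logs, since they are the only record of what the implant did after the dormancy window.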
VMware exploits
At some point before December 3, 2020, the NSA discovered vulnerabilities in VMware's VMware Access and VMware Identity Manager products and notified VMware,[20] which released patches on December 3, 2020. On December 7, 2020, the NSA announced that because Russian state-backed attackers were actively exploiting these vulnerabilities, users should install the patches promptly.[104]
Responsibility
Findings of investigations
SolarWinds said a foreign power had inserted the malware into Orion.[10] A Russian-backed hacker group was suspected of being behind it.[105][9][24] U.S. officials said the responsible party was most likely, specifically, the SVR or Cozy Bear (also known as APT29).[26][25] FireEye designated the attackers UNC2452; the incident-response firm Volexity calls them "Dark Halo".[68][13][93] On December 23, 2020, FireEye's chief executive said Russia was the most likely culprit and that the attacks' tradecraft was "very consistent" with the SVR's usual methods.[106]
In January 2021, the cybersecurity firm Kaspersky Lab said SUNBURST resembled Kazuar, malware believed to have been created by the APT group Turla, which Estonian intelligence has linked to Russia's Federal Security Service (FSB).[107][103][108][109][110]
FBI investigators found that hackers suspected to be from China had exploited a vulnerability in SolarWinds products to break into computers at U.S. government agencies (such as the National Finance Center under the Department of Agriculture), potentially compromising the data of thousands of government employees. Because these hackers used a different flaw in Orion's code to help them take control of victims' systems, this intrusion is considered separate from the campaign described above. Gregory Touhill, the former U.S. federal chief information security officer, likened the two hacking groups' successive targeting of the same software to "drafting" in a bicycle race.[111][91]
U.S. government
On October 22, 2020, CISA and the FBI identified the Zerologon attacker as Berserk Bear, a foreign state-backed APT group believed to be part of Russia's FSB.[22]
On December 18, then Secretary of State Mike Pompeo said Russia was "pretty clearly" responsible for the cyberattack.[112][113][114]
On December 19, then President Donald Trump made his first public statement on the matter, suggesting without evidence that China rather than Russia might be responsible.[39][115][114][40] The same day, Republican Senator Marco Rubio, acting chairman of the Senate Intelligence Committee, said: "It is becoming increasingly clear that Russian intelligence carried out the gravest cyber-intrusion in our history."[30][116]
On December 20, Democratic Senator Mark Warner, after a briefing from intelligence officials, said: "All indications point to Russia."[117]
On December 21, 2020, Attorney General William Barr said he agreed with Pompeo's assessment of the hackers' origin, saying it "certainly appears to be the Russians", contradicting Trump.[118][119][120]
On January 5, 2021, CISA, the FBI, the NSA and the Office of the Director of National Intelligence stated that they believed Russia was the most likely culprit.[121][122][123]
Statements by other governments
Russia denied any involvement.[124]
On December 21, 2020, Chinese Foreign Ministry spokesman Wang Wenbin, answering a question from Agence France-Presse, said: "The U.S. accusations on the question of cyberattacks are not serious and are self-contradictory. The U.S. accusations against China are politically motivated and intended to smear and frame China. China firmly opposes this. For a long time the United States has politicized cybersecurity, repeatedly spreading disinformation without solid evidence and throwing mud at China in an attempt to damage China's image and mislead the international community. Such words and deeds are entirely unbecoming of the United States' international standing. We hope the U.S. will adopt a more responsible attitude on cybersecurity."[125]
Impact
The breaches found at the Treasury and Commerce departments immediately raised concern that other departments had been compromised too.[65][24] Further investigation showed those concerns were well founded,[1] and other federal departments were soon found to have been breached.[126][6]
SolarWinds said that of its 300,000 customers, 33,000 used Orion.[1] Of those, about 18,000 had installed the backdoored version.[5][127]
The Centers for Disease Control and Prevention, the Department of Justice and several utility companies had downloaded and installed the backdoored version.[1] Other well-known SolarWinds customers include Los Alamos National Laboratory, Boeing and most Fortune 500 companies, though whether they use Orion is unclear.[128] SolarWinds' overseas customers reportedly include the UK Home Office, the National Health Service and GCHQ; NATO; the European Parliament; and possibly AstraZeneca.[5][29] FireEye said more government, consulting, technology, telecommunications and extractive entities in North America, Europe, Asia and the Middle East may also have been affected.
Merely having the backdoored Orion installed was not necessarily enough to cause a data breach.[1][129] Investigating whether data was taken was complicated by the following factors:
- the attackers may have removed the evidence of their intrusion, leaving investigators unable to tell whether an organization's data was taken;
- because an organization's main network may have been compromised, it may have switched to a secure backup network and blocked data from the main network, preventing the attackers from exfiltrating it;
- Orion is itself a network-monitoring tool, and without it users have less visibility into their networks and so cannot detect the intruders' presence.[62][67]
As of mid-December 2020, the United States was still working out what data had been stolen in the breach and what it might be used for.[9][130] Commentators said the information stolen in the attack would increase the perpetrators' leverage for years to come.[57][131][80] Possible uses include attacking hard targets such as the CIA and NSA, or recruiting spies through blackmail.[4][132] Thomas Rid, a cyber-conflict expert and professor at Humboldt University of Berlin, said "the stolen data will have countless uses", adding that "the amount of data collected is probably many times that of Moonlight Maze; printed out and stacked up, it would be far taller than the Washington Monument."
Even where no data breach occurred, the incident's impact was significant.[37] CISA recommended that, before rebuilding, all devices exposed to a compromised network be removed from trusted-source lists, and that all credentials exposed to SolarWinds software be treated as compromised and reset.[133] Security firms also recommended searching log files for specific indicators of compromise.[134][135][136]
However, the attackers appear to have deleted or altered log records and may have modified network or system settings.[62][137] Former Homeland Security adviser Thomas P. Bossert warned that fully removing the attackers' foothold in the United States could take years, during which they could continue to surveil, destroy or tamper with data.[36] Bruce Schneier of Harvard University and the New York University scholar Pano, founding dean of the Air Force Cyber College, argued that the affected networks might need to be replaced wholesale.[138][139]
By stealing software keys, Russian hackers were able to get into the e-mail system used by the Treasury Department's most senior officials. Although the system was not classified, it was highly sensitive given the Treasury's role in decisions affecting markets and economic sanctions and in its interactions with the Federal Reserve.[120]
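The log search the security firms recommended can be expressed as a simple rule over proxy or DNS logs: an Orion server should talk to a short, known set of destinations, and because SUNBURST lay dormant for 12 to 14 days (see the attack-methods section above), the first unexpected contact shows up well after the update was installed rather than at install time. The script below is an added example for this article, not the page's or any vendor's code; the log lines, host names, `.example` domains and install dates are constructed, and the destination allowlist is an assumption about what a given deployment considers normal.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log: "<ISO timestamp> <source host> <destination FQDN> <bytes>".
# Hosts, domains and timestamps are hypothetical; ".example" names are placeholders,
# not indicators from the incident.
SAMPLE_LOG = """\
2020-04-02T03:00:00 orion01 updates.solarwinds.example 1200
2020-04-02T11:00:00 orion02 licensing.solarwinds.example 300
2020-04-03T11:00:00 orion02 wiki.corp.example 76
2020-04-14T09:15:00 orion01 c2-placeholder.example 512
2020-04-14T09:20:00 workstation07 c2-placeholder.example 512
2020-04-14T10:15:00 orion01 c2-placeholder.example 510
2020-04-15T09:16:00 orion01 c2-placeholder.example 520
"""

# Assumed inventory: Orion servers and the date the trojanized update was installed.
ORION_INSTALLS = {
    "orion01": datetime(2020, 4, 1),
    "orion02": datetime(2020, 4, 2),
}

# Assumed allowlist of destinations an Orion server is expected to contact.
EXPECTED_DESTINATIONS = {"updates.solarwinds.example", "licensing.solarwinds.example"}


def parse_log(text):
    """Yield (timestamp, host, destination, bytes) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue


def find_suspicious_beacons(log_text, orion_installs, expected, min_dormancy_days=12):
    """Flag unexpected destinations contacted by Orion hosts.

    A destination first contacted min_dormancy_days or more after the update
    was installed matches the dormancy pattern the page describes. That is one
    signal to investigate, not proof of compromise; traffic from hosts that are
    not Orion servers is ignored, as are allowlisted destinations."""
    first_seen = {}
    contacts = defaultdict(int)
    for ts, host, dest, _ in parse_log(log_text):
        if host not in orion_installs or dest in expected:
            continue
        key = (host, dest)
        contacts[key] += 1
        if key not in first_seen or ts < first_seen[key]:
            first_seen[key] = ts
    findings = []
    for (host, dest), ts in sorted(first_seen.items()):
        days = (ts - orion_installs[host]).days
        findings.append({
            "host": host,
            "destination": dest,
            "first_contact": ts.isoformat(),
            "days_after_install": days,
            "contacts": contacts[(host, dest)],
            "matches_dormancy_pattern": days >= min_dormancy_days,
        })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_beacons(SAMPLE_LOG, ORION_INSTALLS, EXPECTED_DESTINATIONS):
        print(finding)
```

The rule deliberately keeps the unexpected-but-early contacts in its output (the internal wiki hit from the second host) with the pattern flag set to false, so an analyst can review the allowlist rather than have the rule silently decide what is benign. Because the page notes that the attackers deleted or altered logs on compromised hosts, the logs fed to a check like this should come from a proxy, DNS resolver or network sensor, not from the Orion server itself.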
List of entities affected by the breach
U.S. federal government
| Branch | Department | Affected component | Data compromised | Sources |
|---|---|---|---|---|
| Executive | Department of Agriculture | National Finance Center | | [6][140][86][141][142][91] |
| Executive | Department of Commerce | National Telecommunications and Information Administration | | [1][143][78][80][144][145][146] |
| Executive | Department of Defense | Parts of the Pentagon's network systems | | |
| Executive | Department of Energy | National Nuclear Security Administration | | [3][147][148][149][150][151][152] |
| Executive | Department of Health and Human Services | National Institutes of Health | | |
| Executive | Department of Homeland Security | Cybersecurity and Infrastructure Security Agency | | [153][154] |
| Executive | Department of Justice | About 3,000 e-mail accounts hosted on Microsoft Office 365 servers | | [155][7][156][157][158][159] |
| Executive | Department of Labor | Bureau of Labor Statistics | | [2] |
| Executive | Department of State | | | |
| Executive | Department of the Treasury | | | [160][161][162][35] |
| Judicial | Administrative Office of the U.S. Courts | Case Management/Electronic Case Files (CM/ECF) system | Court records, including sealed filings | [163][164][165][166][167][168][169][170][171] |
U.S. state and local government
| State | Affected entity | Sources |
|---|---|---|
| Arizona | Pima County | [172][173] |
| California | California state hospitals | |
| Ohio | Kent State University | [174] |
| Texas | City of Austin | [22] |
Private organizations
| Organization | Data compromised | Sources |
|---|---|---|
| Belkin | | [174] |
| Cisco Systems | | [175][176][162][173] |
| Cox Communications | | [172][177] |
| Equifax | | |
| Fidelis Care | | |
| FireEye | | [143][160][78][144] |
| Malwarebytes Anti-Malware | | |
| Microsoft | | [32][149][178][179][180][181][182][3][183][184][185][145][146][154][186][187][188][189][190][191][192] |
| Mimecast | | [193][194][195][196][197][198] |
| Nvidia | | |
| Palo Alto Networks | | [199] |
| 勒瑞莱斯圣雅克科利斯 | | |
| SolarWinds | | |
| Unnamed think tank | | [13][129][93][14][64][123] |
| VMware | | |
Responses to the investigation
Responses from technology companies
On December 8, 2020, before the breaches of other organizations became known, FireEye published countermeasures against its stolen red-team tools.[99][200]
On December 15, 2020, Microsoft announced that SUNBURST affected only computers running Windows, that the malware had been added to Microsoft's signature databases from December 16, and that Microsoft Defender would be able to detect and quarantine SUNBURST.[201][144]
GoDaddy handed ownership of the botnet controller domain used in the attack over to Microsoft, allowing Microsoft to activate SUNBURST's self-destruct routine (kill switch) and help identify victims.
On December 14, 2020, the chief executives of several U.S. utility companies met to discuss the risks the attacks posed to the power grid.[1] On December 22, 2020, the North American Electric Reliability Corporation asked electric utilities to report their exposure to SolarWinds software.[202]
After the hack, SolarWinds did not publish a list of affected customers, and according to the cybersecurity firm GreyNoise Intelligence, as of December 15 SolarWinds still had not removed the infected software updates from its distribution server.[203][54][57][204]
Around January 5, 2021, SolarWinds investors filed a class-action lawsuit against the company, alleging that the lack of security in its products had caused its share price to fall.[205][206] Shortly afterwards, SolarWinds hired a new cybersecurity firm founded by the former CISA director.[207]
The Linux Foundation noted that had Orion been open source, users could have audited the software and its distributed builds themselves, increasing the likelihood that the malware would have been discovered.[208]
U.S. government statements
On December 18, 2020, then Secretary of State Pompeo said some details of the incident would be kept classified.[71]
Statements by U.S. national security agencies
On December 12, 2020, the National Security Council (NSC) met at the White House to discuss the damage to federal organizations.[9] On December 13, 2020, CISA issued an emergency directive to federal agencies ordering them to shut down SolarWinds software to reduce the risk of intrusion, even at the cost of reducing their ability to monitor their own networks.[1][133]
On December 14, 2020, the Commerce Department confirmed it had asked CISA and the FBI to investigate the breach.[9][26][209] The NSC activated Presidential Policy Directive 41, an Obama-era directive, and convened a Cyber Response Group.[210][42] U.S. Cyber Command threatened that the United States would retaliate swiftly against the attackers once the investigation's findings were in.[211]
The Federal Energy Regulatory Commission (FERC) helped make up for CISA's staffing shortfall.[147][67][148] The FBI, CISA and the Office of the Director of National Intelligence (ODNI) formed a Cyber Unified Coordination Group (UCG) to coordinate their efforts.[212]
On December 24, 2020, CISA said that, in addition to federal agencies and the private organizations already disclosed, some state and local government networks had also been affected by the attack, but gave no further details.[213]
Statements by the U.S. Congress
The cybersecurity subcommittee of the Senate Armed Services Committee received a briefing from Defense Department officials.[88] The House Homeland Security Committee and the House Oversight and Reform Committee launched an investigation.[32] Senator Marco Rubio, acting chairman of the Senate Intelligence Committee, said the United States must retaliate once the perpetrators' identity was established.[214] The committee's vice chairman, Mark Warner, criticized President Trump for failing to respond directly to the hack.[215]
Senator Ron Wyden called for mandatory security reviews of software used by federal agencies.[143][141]
On December 22, 2020, after Treasury Secretary Steven Mnuchin told reporters he was "completely on top of this", Microsoft briefed the Senate Finance Committee that hackers had broken into the systems of the Departmental Offices, the Treasury division where its senior officials work, and that dozens of Treasury e-mail accounts had been taken over by the hackers.[35][120] Senator Wyden said the briefing showed that the Treasury "still does not know all of the actions taken by hackers, or precisely what information was stolen".
On December 23, 2020, Senator Bob Menendez asked the State Department to disclose the breach, and Senator Richard Blumenthal made the same request of the Veterans Administration.[216][217]
Statements by the U.S. judiciary
The Administrative Office of the U.S. Courts, together with the Department of Homeland Security, assessed the judiciary's Case Management/Electronic Case Files (CM/ECF) system.[163][170] CM/ECF would stop accepting highly sensitive court documents online; such documents could only be filed on paper or through air-gapped devices.[165][166][167]
Statements by then President Trump
After the incident came to light, President Donald Trump made no comment for several days; Senator Mitt Romney denounced his "silence and inaction".[218] On December 19, Trump spoke publicly about the attacks for the first time, downplaying the hack, saying the media had exaggerated its severity and that "everything is well under control". Without evidence, Trump suggested that China rather than Russia might be responsible.[115][114][112][219][220]
On February 2, 2021, Reuters reported that, according to five people familiar with the matter, FBI investigators had found that hackers from China had exploited a SolarWinds software vulnerability to break into U.S. government computers, potentially exposing the data of thousands of government employees, and that the computer systems and intrusion tools the hackers used were the same as those deployed by state-backed Chinese cyber-espionage actors.[41]
The New York Times reported that Trump speculated, without evidence, that the attack might also have involved an "attack" on voting machines. His claim was rebutted by former CISA director Chris Krebs, who said it was impossible.[1][221] Adam Schiff, the Democratic chairman of the House Intelligence Committee who had led the Russia-collusion inquiry, called Trump's remarks "a scandalous betrayal of our national security" that "sounded like it could have been written in the Kremlin".[222]
Former Homeland Security adviser Thomas Bossert said of Trump's remarks: "President Trump is on the verge of leaving behind a federal government, and perhaps a large number of major industries, compromised by the Russian government." He added that mitigating the damage would require action by Congress, including through the National Defense Authorization Act.[223][36] Russell Brandom, policy editor at The Verge, said the United States was ill-prepared for the hack and criticized Trump for consistently "treating federal cybersecurity as a more partisan battlefield, interested in it only for its value as a political cudgel". "That is no way to run the most powerful intelligence apparatus in the world," Brandom wrote.[44] Writing in Slate, Fred Kaplan criticized Trump for promoting false claims of election fraud while "ignoring a real cybersecurity crisis", writing that "for all of Trump's whining about imaginary hackers stealing the election, he is clearly uninterested in the nation's real cybersecurity".[42] Esquire columnist Charles Pierce accused the Trump administration of "dereliction of duty", calling Trump a "dishonest, incompetent agent of chaos".[224]
Statements by President Biden
Then President-elect Joe Biden said: "A good defense isn't enough; we need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place. I will not stand idly by in the face of cyber assaults on our nation."[225] Biden said he had directed his transition team to study the attack, would make cybersecurity a top priority at every level of (the next) government, and would identify and punish the attackers.[63][3] Ron Klain, Biden's incoming chief of staff, said the Biden administration's response to the hack would go beyond sanctions.[226]
On December 22, 2020, Biden said he had "seen no evidence that the situation is under control" and that his transition team was still unable to obtain some briefings on the attack from the Trump administration.[227][228]
In January 2021, Biden appointed two security-related White House officials: Elizabeth Sherwood-Randall as Homeland Security adviser and Anne Neuberger as deputy national security adviser for cyber and emerging technology.[229]
Responses from the rest of the world
NATO said it was "assessing the situation, with a view to identifying and mitigating any potential risks to our networks".[29] On December 18, the UK National Cyber Security Centre said it was still determining the attacks' impact on the United Kingdom.[230] Cybersecurity agencies in the UK and Ireland issued alerts for SolarWinds customers.[124]
On December 23, 2020, the UK's national privacy regulator, the Information Commissioner's Office, told UK organizations to check immediately whether they had been affected.[106][231]
On December 24, 2020, the Canadian Centre for Cyber Security asked Canadian SolarWinds Orion users to check their systems for compromise.[232][233]
Characterizing the incident: act of cyberwar or cyber-espionage?
The attack sparked a debate over whether the hack should be regarded as cyber-espionage or as an act of cyberwar.[234]
Most current and former U.S. officials regarded the 2020 hack as "a stunning act of espionage" but not as cyberwar, because the attackers destroyed or tampered with nothing and caused no actual damage to infrastructure such as the power grid or telecommunications networks.[235] Erica Borghard of the Atlantic Council and Columbia's Saltzman Institute and Jacquelyn Schneider of the Hoover Institution and the Naval War College argued that the intrusion was an act of espionage that could be answered with "arrests, diplomacy, or counterintelligence", and that it had not been shown to be an act of cyberwar that would legally permit the United States to respond with force.[236] Law professor Jack Goldsmith wrote that the hack was a damaging act of cyber-espionage but "does not violate international law or norms", adding that "because of its own practices, the United States government has traditionally accepted the legitimacy of foreign governmental electronic spying in United States government networks".[237] Law professor Michael Schmitt concurred, citing the Tallinn Manual.[238]
By contrast, Microsoft president Brad Smith called the hack cyberwar, saying that "even in the digital age, this is not 'espionage as usual'", because it was "not just an attack on specific targets, but on the trust and reliability of the world's critical infrastructure".[235][239][240] U.S. Senator Richard Durbin called the attack tantamount to a declaration of war.[38][4]
Debate over possible U.S. retaliation
Writing for Wired, Borghard and Schneider argued that the United States "should continue to build and rely on strategic deterrence to convince states not to weaponize the cyber intelligence they collect". They also said that because deterrence may not effectively discourage threat actors from attempting cyber-espionage, the United States should also reduce the success rate of such espionage by strengthening cyber defenses, improving information sharing, and "defending forward" (reducing Russia's and China's offensive cyber capabilities).[236]
Writing in The Dispatch, Goldsmith argued that the failure of strategies of defense and deterrence against cyber-intrusion should prompt the United States to consider a strategy of "mutual restraint", in which "the United States reduces certain (espionage) activities in foreign networks in exchange for tolerance by adversaries in U.S. networks".[237]
Cybersecurity writer Bruce Schneier opposed retaliation or building up offensive capabilities, recommending instead a defense-dominant strategy and proposing that the United States sign the Paris Call for Trust and Security in Cyberspace or join the Global Commission on the Stability of Cyberspace.[241]
Writing in The New York Times, Paul Kolbe, a former CIA officer and director of the Intelligence Project at Harvard's Belfer Center for Science and International Affairs, echoed Schneier's call for improvements in U.S. cyber defenses and international agreements. He also noted that the United States engages in similar operations against other countries, calling this a mutual cyber-conflict.[242]
In Slate, Fred Kaplan commented that the structural problems leading to this kind of computer network intrusion had been publicly known since 1967, and that successive U.S. administrations had failed to implement the structural defenses that experts had repeatedly demanded.[243] He noted that overreacting to espionage would run against U.S. interests, and that strengthening defenses and clarifying policy for responding to cyber-conflict would be the more productive strategy.[244]
References
- [1] Sanger, David E.; Perlroth, Nicole; Schmitt, Eric. Scope of Russian Hack Becomes Clear: Multiple U.S. Agencies Were Hit. The New York Times. December 15, 2020 [accessed December 15, 2020]. Archived from the original on December 18, 2020.
- [2] Morath, Eric; Cambon, Sarah Chaney. SolarWinds Hack Leaves Market-Sensitive Labor Data Intact, Scalia Says. The Wall Street Journal. January 14, 2021 [accessed 2021-03-03]. Archived from the original on 2021-06-07.
- [3] Hackers Tied to Russia Hit Nuclear Agency; Microsoft Is Exposed. Bloomberg L.P. December 17, 2020 [accessed December 17, 2020]. Archived from the original on December 18, 2020.
- [4] Sanger, David E.; Perlroth, Nicole; Barnes, Julian E. Billions Spent on U.S. Defenses Failed to Detect Giant Russian Hack. The New York Times. December 16, 2020 [accessed December 16, 2020]. Archived from the original on December 16, 2020.
- [5] Stubbs, Jack; Satter, Raphael; Menn, Joseph. U.S. Homeland Security, thousands of businesses scramble after suspected Russian hack. Reuters. December 15, 2020 [accessed December 15, 2020]. Archived from the original on December 15, 2020.
- [6] Fung, Brian. Why the US government hack is literally keeping security experts awake at night. CNN. [accessed December 18, 2020]. Archived from the original on December 17, 2020.
- [7] Goodin, Dan. DoJ says SolarWinds hackers breached its Office 365 system and read email. Ars Technica. January 7, 2021 [accessed 2021-03-03]. Archived from the original on 2021-02-07.
- [8] SolarWinds Likely Hacked at Least One Year Before Breach Discovery. SecurityWeek.com. [accessed 2021-03-03]. Archived from the original on 2021-02-18.
- [9] Bing, Christopher. Suspected Russian hackers spied on U.S. Treasury emails – sources. Reuters. December 14, 2020 [accessed December 14, 2020]. Archived from the original on December 14, 2020.
- [10] O'Brien, Matt. EXPLAINER: How bad is the hack that targeted US agencies?. Houston Chronicle. December 15, 2020 [accessed December 15, 2020]. Archived from the original on December 14, 2020.
- [11] SolarWinds Orion: More US government agencies hacked. BBC. December 15, 2020 [accessed December 16, 2020]. Archived from the original on December 16, 2020.
- [12] Cook, James. Microsoft warns UK companies were targeted by SolarWinds hackers. The Telegraph (www.telegraph.co.uk). December 18, 2020 [accessed 2021-03-03]. Archived from the original on 2021-04-19.
- [13] Group Behind SolarWinds Hack Bypassed MFA to Access Emails at US Think Tank. SecurityWeek.com. [accessed December 17, 2020]. Archived from the original on December 16, 2020.
- [14] Goodin, Dan. SolarWinds hackers have a clever way to bypass multi-factor authentication. Ars Technica. December 15, 2020 [accessed December 17, 2020]. Archived from the original on December 16, 2020.
- [15] Russian hackers compromised Microsoft cloud customers through third party, putting emails and other data at risk. www.msn.com. [accessed 2021-03-03]. Archived from the original on 2021-04-17.
- [16] Menn, Joseph; Satter, Raphael. Suspected Russian hackers used Microsoft vendors to breach customers. December 24, 2020 [accessed 2021-03-03]. Archived from the original on 2021-03-24.
- [17] Perlroth, Nicole. Russians Are Believed to Have Used Microsoft Resellers in Cyberattacks. December 25, 2020 [accessed 2021-03-03]. Archived from the original on 2021-05-31.
- [18] Microsoft, FireEye confirm SolarWinds supply chain attack. ZDNet. December 14, 2020 [accessed December 16, 2020]. Archived from the original on December 16, 2020.
- [19] Sunburst Trojan – What You Need to Know. Deep Instinct. December 16, 2020 [accessed December 17, 2020]. Archived from the original on December 18, 2020.
- [20] VMware Flaw a Vector in SolarWinds Breach?. Krebs on Security. December 7, 2020 [accessed December 18, 2020]. Archived from the original on 2021-03-11.
- [21] VMware Falls on Report Its Software Led to SolarWinds Breach. Bloomberg. December 18, 2020 [accessed December 18, 2020]. Archived from the original on 2021-03-26.
- [22] Hvistendahl, Mara. Russian Hackers Have Been Inside Austin City Network for Months. The Intercept. December 17, 2020 [accessed December 18, 2020]. Archived from the original on December 17, 2020.
- [23] CISA orders agencies to quickly patch critical Netlogon bug. CyberScoop. September 21, 2020 [accessed December 18, 2020]. Archived from the original on October 30, 2020.
- [24] Bing, Christopher. REFILE-EXCLUSIVE-U.S. Treasury breached by hackers backed by foreign government – sources. Reuters. December 13, 2020 [accessed December 14, 2020]. Archived from the original on December 14, 2020.
- [25] Nakashima, Ellen. Russian government spies are behind a broad hacking campaign that has breached U.S. agencies and a top cyber firm. The Washington Post. December 13, 2020 [accessed December 14, 2020]. Archived from the original on December 13, 2020.
- [26] Federal government breached by Russian hackers who targeted FireEye. NBC News. [accessed December 14, 2020]. Archived from the original on December 14, 2020.
- [27] US cyber-attack: Russia 'clearly' behind SolarWinds operation, says Pompeo. BBC. 2020-12-19 [accessed 2020-12-19]. Archived from the original on 2021-05-27.
- [28] Kantchev, Georgi (Moscow); Strobel, Warren P. (Washington). How Russia's 'Info Warrior' Hackers Let Kremlin Play Geopolitics on the Cheap. Wall Street Journal. 2021-01-02 [accessed 2021-01-05]. ISSN 0099-9660. Archived from the original on 2021-01-08.
- [29] U.K. Government, NATO Join U.S. in Monitoring Risk From Hack. Bloomberg L.P. December 14, 2020 [accessed December 16, 2020]. Archived from the original on December 15, 2020.
- [30] At Least 200 Victims Identified in Suspected Russian Hacking. December 19, 2020 [accessed 2021-03-03]. Archived from the original on 2021-04-06.
- [31] Bing, Christopher. Suspected Russian hackers spied on U.S. Treasury emails – sources. Reuters. December 14, 2020 [accessed December 14, 2020]. Archived from the original on December 14, 2020.
- [32] Menn, Joseph. Microsoft says it found malicious software in its systems. Reuters. December 18, 2020 [accessed December 17, 2020]. Archived from the original on December 18, 2020.
- [33] Wolff, Josephine. What We Do and Don't Know About the Massive Federal Government Hack. Slate. December 16, 2020 [accessed December 17, 2020]. Archived from the original on December 16, 2020.
- [34] Cimpanu, Catalin. NSA warns of federated login abuse for local-to-cloud attacks. Zero Day, Ziff-Davis. 2020-12-18 [accessed 2020-12-19]. Archived from the original on 2021-02-09.
- [35] Satter, Raphael. 'Dozens of email accounts' were hacked at U.S. Treasury -Senator Wyden. December 22, 2020 [accessed 2021-03-03]. Archived from the original on 2020-12-28.
- [36] It could take years to evict Russia from the US networks it hacked, leaving it free to destroy or tamper with data, ex-White House official warns. MSN. [accessed 2021-03-03]. Archived from the original on 2022-01-10.
- [37] Here are the critical responses required of all businesses after SolarWinds supply-chain hack. SC Media. December 15, 2020 [accessed December 16, 2020]. Archived from the original on December 16, 2020.
- [38] Gould, Joe. No. 2 Senate Democrat decries alleged Russian hack as 'virtual invasion'. Defense News. December 17, 2020 [accessed 2021-03-03]. Archived from the original on 2021-01-31.
- [39] Colvin, Jill. Trump downplays Russia in first comments on hacking campaign. Associated Press. 2020-12-19 [accessed 2020-12-20]. Archived from the original on 2021-02-23.
- [40] Stracqualursi, Veronica. Trump downplays massive cyber hack on government after Pompeo links attack to Russia. CNN. 19 December 2020 [accessed 19 December 2020]. Archived from the original on 2021-05-13.
- [41] Bing, Christopher; Stubbs, Jack; Satter, Raphael; Menn, Joseph. Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency – sources. Reuters. 2021-02-02 [accessed 2021-03-03]. Archived from the original on 2021-05-05.
- [42] Kaplan, Fred. Trump Has Been Whining About Fake Fraud—and Ignoring a Real Cybersecurity Crisis. Slate. December 15, 2020 [accessed December 16, 2020]. Archived from the original on December 16, 2020.
- [43] Perlroth, Nicole; Sanger, David E. White House Eliminates Cybersecurity Coordinator Role. The New York Times. May 16, 2018 [accessed December 16, 2020]. Archived from the original on December 13, 2020.
- [44] Brandom, Russell. Trump's chaos made America a sitting duck for cyberattacks. The Verge. December 14, 2020 [accessed December 17, 2020]. Archived from the original on December 15, 2020.
- [45] Russian government hackers behind breach at US treasury and commerce departments. The Independent. December 13, 2020 [accessed December 14, 2020]. Archived from the original on December 13, 2020.
- [46] Nakashima, Ellen; Miroff, Nick. Trump fires top DHS official who refuted his claims that the election was rigged. The Washington Post. November 17, 2020 [accessed November 18, 2020]. Archived from the original on November 18, 2020.
- [47] Bowden, John. Hackers backed by foreign government breach Treasury, Commerce departments: reports. The Hill. December 13, 2020 [accessed December 15, 2020]. Archived from the original on December 15, 2020.
- [48] Cobb, Adrienne. Forensic News Roundup: Russia hacks U.S. government, Trump silent. Forensic News. December 15, 2020 [accessed December 17, 2020]. Archived from the original on December 18, 2020.
- [49] Leadership. Department of Homeland Security. September 7, 2006 [accessed December 17, 2020]. Archived from the original on December 16, 2020.
- [50] Miller, Maggie. Senior DHS cybersecurity official to step down at end of week. The Hill. November 12, 2020 [accessed December 17, 2020]. Archived from the original on November 28, 2020.
- [51] Sebenius, Alyza. SolarWinds Hack Followed Years of Warnings of Weak Cybersecurity. Bloomberg.com. 2021-01-13 [accessed 2021-01-13]. Archived from the original on 2021-05-17.
- [52] The SolarWinds Perfect Storm: Default Password, Access Sales and More. threatpost.com. [accessed December 17, 2020]. Archived from the original on December 17, 2020.
- [53] SolarWinds Adviser Warned of Lax Security Years Before Hack. December 21, 2020 [accessed December 22, 2020]. Archived from the original on 2021-05-16.
- [54] SolarWinds Hack Could Affect 18K Customers. Krebs on Security. [accessed December 16, 2020]. Archived from the original on December 16, 2020.
- [55] Varghese, Sam. SolarWinds FTP credentials were leaking on GitHub in November 2019. itwire.com. [accessed December 17, 2020]. Archived from the original on December 15, 2020.
- [56] Hackers used SolarWinds' dominance against it in sprawling spy campaign. Reuters. December 16, 2020 [accessed December 16, 2020]. Archived from the original on December 17, 2020.
- [57] McCarthy, Kieren. SolarWinds: Hey, only as many as 18,000 customers installed backdoored software linked to US govt hacks. The Register. [accessed December 16, 2020]. Archived from the original on December 16, 2020.
- [58] Claburn, Thomas. We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext'. The Register. [accessed December 17, 2020]. Archived from the original on December 18, 2020.
- [59] Novet, Jordan. SolarWinds hack has shaved 23% from software company's stock this week. CNBC. December 16, 2020 [accessed December 17, 2020]. Archived from the original on December 16, 2020.
- [60] McCarthy, Kieren. SolarWinds' shares drop 22 per cent. But what's this? $286m in stock sales just before hack announced?. The Register. [accessed December 17, 2020]. Archived from the original on December 17, 2020.
- [61] SolarWinds falls under scrutiny after hack, stock sales. MarketWatch (Associated Press). [accessed December 17, 2020]. Archived from the original on December 17, 2020.
- [62] Menn, Joseph. Microsoft says it found malicious software in its systems. Reuters. December 18, 2020 [accessed December 18, 2020]. Archived from the original on December 18, 2020.
- [63] Sanger, David E.; Perlroth, Nicole. More Hacking Attacks Found as Officials Warn of 'Grave Risk' to U.S. Government. The New York Times. December 17, 2020 [accessed December 17, 2020]. Archived from the original on December 17, 2020.
- [64] How the SolarWinds Hackers Bypassed Duo's Multi-Factor Authentication – Schneier on Security. schneier.com. [accessed December 17, 2020]. Archived from the original on December 17, 2020.
- [65] US treasury hacked by foreign government group – report. The Guardian. December 13, 2020 [accessed December 14, 2020]. Archived from the original on December 14, 2020.
- [66] Foreign government hacked into US Treasury Department's emails – reports. Sky News. [accessed December 14, 2020]. Archived from the original on December 14, 2020.
- [67] No One Knows How Deep Russia's Hacking Rampage Goes. Wired. [accessed December 16, 2020]. Archived from the original on December 17, 2020.
- [68] Goodin, Dan. ~18,000 organizations downloaded backdoor planted by Cozy Bear hackers. Ars Technica. December 14, 2020 [accessed December 17, 2020]. Archived from the original on December 16, 2020.
- [69] Cimpanu, Catalin. Third malware strain discovered in SolarWinds supply chain attack. ZDNet. 2021-01-12 [accessed 2021-01-13]. Archived from the original on 2021-03-18.
- [70] Sebastian, Dave. SolarWinds Discloses Earlier Evidence of Hack. WSJ. 2021-01-12 [accessed 2021-01-13]. Archived from the original on 2021-06-07.
- [71] Sharwood, Simon. Trump administration says Russia behind SolarWinds hack. Trump himself begs to differ. The Register. [accessed 2021-03-03]. Archived from the original on 2021-02-01.
- [72] Corfield, Gareth. SolarWinds malware was sneaked out of the firm's Orion build environment 6 months before anyone realised it was there – report. The Register. 2021-01-12 [accessed 2021-01-13]. Archived from the original on 2021-03-02.
- [73] Cimpanu, Catalin. Microsoft to quarantine SolarWinds apps linked to recent hack. ZDNet. [accessed December 16, 2020]. Archived from the original on December 17, 2020.
- [74] Lyons, Kim. Hackers backed by Russian government reportedly breached US government agencies. The Verge. December 13, 2020 [accessed December 15, 2020]. Archived from the original on December 14, 2020.
- [75] CISA Issues Emergency Directive to Mitigate the Compromise of Solarwinds Orion Network Management Products. CISA. [accessed December 15, 2020]. Archived from the original on December 15, 2020.
- [76] U.S. Government Agencies Hit by Hackers During Software Update. MSN. [accessed December 14, 2020]. Archived from the original on December 18, 2020.
- [77] Cimpanu, Catalin. Microsoft and industry partners seize key domain used in SolarWinds hack. ZDNet. [accessed December 17, 2020]. Archived from the original on December 17, 2020.
- [78] DHS Among Those Hit in Sophisticated Cyberattack by Foreign Adversaries – Report. threatpost.com. [accessed December 17, 2020]. Archived from the original on December 16, 2020.
- [79] Timberg, Craig; Nakashima, Ellen. Russians outsmart US government hacker detection system — but Moscow denies involvement. The Independent. December 16, 2020 [accessed December 16, 2020]. Archived from the original on December 18, 2020.
- [80] SolarWinds: Why the Sunburst hack is so serious. BBC. December 16, 2020 [accessed December 18, 2020]. Archived from the original on December 16, 2020.
- [81] FireEye, Microsoft create kill switch for SolarWinds backdoor. BleepingComputer. [accessed December 18, 2020]. Archived from the original on December 17, 2020.
- [82] SolarWinds Orion and UNC2452 – Summary and Recommendations. TrustedSec. December 14, 2020 [accessed December 17, 2020]. Archived from the original on December 15, 2020.
- [83] Trend data on the SolarWinds Orion compromise. The Cloudflare Blog. December 16, 2020 [accessed December 16, 2020]. Archived from the original on December 16, 2020.
- [84] After high profile hacks hit federal agencies, CISA demands drastic SolarWinds mitigation. SC Media. December 14, 2020 [accessed December 17, 2020]. Archived from the original on December 15, 2020.
- [85] Mitigating Cloud Supply-chain Risk: Office 365 and Azure Exploited in Massive U.S Government Hack. CipherCloud. December 18, 2020 [accessed December 18, 2020]. Archived from the original on December 18, 2020.
- [86] Massive hack of US government launches search for answers as Russia named top suspect. ABC57. [accessed December 17, 2020]. Archived from the original on December 18, 2020.
- [87] Dorfman, Zach. What we know about Russia's sprawling hack into federal agencies. Axios. [accessed December 16, 2020]. Archived from the original on December 15, 2020.
- [88] Schiff calls for 'urgent' work to defend nation in the wake of massive cyberattack. MSN. [accessed December 17, 2020]. Archived from the original on December 17, 2020.
- [89] Unraveling Network Infrastructure Linked to the SolarWinds Hack. DomainTools. [accessed December 17, 2020]. Archived from the original on December 17, 2020.
- [90] The U.S. government spent billions on a system for detecting hacks. The Russians outsmarted it. The Seattle Times. [accessed December 16, 2020]. Archived from the original on December 18, 2020.
- [91] Bing, Christopher; Stubbs, Jack; Satter, Raphael; Menn, Joseph. Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency – sources. Reuters. 2021-02-03 [accessed 2021-02-08]. Archived from the original on 2021-05-05.
- [92] Dark Halo Leverages SolarWinds Compromise to Breach Organizations. Volexity. [accessed 2021-03-03]. Archived from the original on 2021-05-31.
- [93] Tarabay, Jamie. Hacking Spree by Suspected Russians Included U.S. Think Tank. Bloomberg L.P. December 15, 2020 [accessed December 17, 2020]. Archived from the original on December 18, 2020.
- [94] Microsoft alerts CrowdStrike of hackers' attempted break-in. CyberScoop. December 24, 2020 [accessed 2021-03-03]. Archived from the original on 2021-01-04.
- [95] Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets. CISA. [accessed 2021-03-03]. Archived from the original on 2021-05-20.
- [96] Hackers backed by foreign government reportedly steal info from US Treasury. The Times of Israel. [accessed December 14, 2020]. Archived from the original on December 14, 2020.
- [97] Sanger, David E.; Perlroth, Nicole. FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State. The New York Times. December 8, 2020 [accessed December 15, 2020]. Archived from the original on December 15, 2020.
- [98] US cybersecurity firm FireEye says it was hacked by foreign government. The Guardian. December 9, 2020 [accessed December 15, 2020]. Archived from the original on December 16, 2020.
- [99] Russia's FireEye Hack Is a Statement—but Not a Catastrophe. Wired. [accessed December 17, 2020]. Archived from the original on December 16, 2020.
- [100] Suspected Russia SolarWinds hack exposed after FireEye cybersecurity firm found "backdoor". Newsweek. December 15, 2020 [accessed December 16, 2020]. Archived from the original on December 16, 2020.
- [101] Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor. FireEye. December 13, 2020 [accessed December 15, 2020]. Archived from the original on December 15, 2020.
- [102] Paul, Kari. What you need to know about the biggest hack of the US government in years. The Guardian. December 15, 2020 [accessed December 16, 2020]. Archived from the original on December 16, 2020.
- [103] Gatlan, Sergiu. New Sunspot malware found while investigating SolarWinds hack. BleepingComputer. 2021-01-12 [accessed 2021-01-13]. Archived from the original on 2021-05-29.
- [104] Goodin, Dan. NSA says Russian state hackers are using a VMware flaw to ransack networks. Ars Technica. 2020-12-07 [accessed 2020-12-19]. Archived from the original on 2021-04-21.
- [105] Bing, Christopher. Russian-sponsored hackers behind broad security breach of U.S. agencies: sources. The Japan Times. December 14, 2020 [accessed December 14, 2020]. Archived from the original on December 14, 2020.
- [106] Katz, Justin. 50 orgs 'genuinely impacted' by SolarWinds hack, FireEye chief says. Defense Systems. 2020-12-23 [accessed 2021-03-03]. Archived from the original on 2021-03-09.
- [107] SolarWinds malware has "curious" ties to Russian-speaking hackers. Ars Technica. 2021-01-11 [accessed 2021-01-13]. Archived from the original on 2021-04-06.
- [108] Corfield, Gareth. Kaspersky Lab autopsies evidence on SolarWinds hack. The Register. 2021-01-12 [accessed 2021-01-13]. Archived from the original on 2021-05-18.
- [109] Greenberg, Andy. SolarWinds Hackers Shared Tricks With Known Russian Cyberspies. Wired. 2021-01-11 [accessed 2021-01-13]. Archived from the original on 2021-03-05.
- [110] Roth, Andrew. Global cyber-espionage campaign linked to Russian spying tools. The Guardian. 2021-01-11 [accessed 2021-01-13]. Archived from the original on 2021-04-13.
- [111] Castronuovo, Celine. US payroll agency targeted by Chinese hackers: report. The Hill. 2021-02-02 [accessed 2021-02-10]. Archived from the original on 2021-02-12.
- [112] Trump downplays government hack after Pompeo blames it on Russia. The Guardian. December 19, 2020 [accessed 2021-03-03]. Archived from the original on 2021-03-08.
- [113] Byrnes, Jesse. Pompeo: Russia 'pretty clearly' behind massive cyberattack. The Hill. December 19, 2020 [accessed 2021-03-03]. Archived from the original on 2021-03-02.
- [114] Trump downplays massive US cyberattack, points to China. Deutsche Welle. December 19, 2020 [accessed 2021-03-03]. Archived from the original on 2021-03-03.
- [115] Axelrod, Tal. Trump downplays impact of hack, questions whether Russia involved. The Hill. December 19, 2020 [accessed 2021-03-03]. Archived from the original on 2021-04-26.
- [116] US cyber-attack: Around 50 firms 'genuinely impacted' by massive breach. December 20, 2020 [accessed December 21, 2020]. Archived from the original on 2021-03-11.
- [117] Trump finds himself isolated in refusal to blame Russia for big cyberattack. Los Angeles Times. December 20, 2020 [accessed December 21, 2020]. Archived from the original on 2021-02-22.
- [118] Janfaza, Rachel. Barr contradicts Trump by saying it 'certainly appears' Russia behind cyberattack. CNN. 21 December 2020 [accessed 26 December 2020]. Archived from the original on 2021-01-02.
- [119] Wilkie, Christina. Attorney General Barr breaks with Trump, says SolarWinds hack 'certainly appears to be the Russians'. CNBC (NBCUniversal News Group). 21 December 2020 [accessed 22 December 2020]. Archived from the original on 2021-04-12.
- [120] Sanger, David E. Treasury Department's Senior Leaders Were Targeted by Hacking. December 22, 2020 [accessed 2021-03-03]. Archived from the original on 2021-03-28.
- [121] US: Hack of Federal Agencies 'Likely Russian in Origin'. SecurityWeek (Associated Press). 2021-01-05 [accessed 2021-01-13]. Archived from the original on 2021-02-11.
- [122] Goodin, Dan. Bucking Trump, NSA and FBI say Russia was "likely" behind SolarWinds hack. Ars Technica. January 6, 2021 [accessed 2021-03-03]. Archived from the original on 2021-02-07.
- [123] Russians are 'likely' perpetrators of US government hack, official report says. The Guardian. 2021-01-05 [accessed 2021-01-13]. Archived from the original on 2021-04-13.
- [124] U.S. Agencies and Companies Secure Networks After Huge Hack. Time. 2020-12-15 [accessed December 16, 2020]. Archived from the original on December 16, 2020.
- Foreign Ministry Spokesperson Wang Wenbin's Regular Press Conference on December 21, 2020. Embassy of the People's Republic of China in the Republic of Singapore (www.chinaembassy.org.sg). [2021-03-06].
- Richards, Zoë. Report: Massive Russian Hack Effort Breached DHS, State Department And NIH. Talking Points Memo. December 15, 2020 [December 17, 2020]. Archived from the original on December 15, 2020.
- Cimpanu, Catalin. SEC filings: SolarWinds says 18,000 customers were impacted by recent hack. ZDNet. [December 15, 2020]. Archived from the original on December 15, 2020.
- Jankowicz, Mia. These big firms and US agencies all use software from the company breached in a massive hack being blamed on Russia. Business Insider. [December 16, 2020]. Archived from the original on December 16, 2020.
- SolarWinds: The Hunt to Figure Out Who Was Breached. BankInfoSecurity. [December 17, 2020]. Archived from the original on December 16, 2020.
- Hack may have exposed deep US secrets; damage yet unknown. The Independent. December 15, 2020 [December 16, 2020]. Archived from the original on December 18, 2020.
- US agencies, companies secure networks after huge hack. AP News. December 14, 2020 [December 16, 2020]. Archived from the original on December 18, 2020.
- Deep US institutional secrets may have been exposed in hack blamed on Russia. The Guardian. December 16, 2020 [December 17, 2020]. Archived from the original on December 17, 2020.
- Emergency Directive 21-01. cyber.dhs.gov. [December 15, 2020]. Archived from the original on December 15, 2020.
- How Russian hackers infiltrated the US government for months without being spotted. MIT Technology Review. [December 17, 2020]. Archived from the original on December 18, 2020.
- SolarWinds advanced cyberattack: What happened and what to do now. Malwarebytes Labs. December 14, 2020 [December 16, 2020]. Archived from the original on December 16, 2020.
- Overview of Recent Sunburst Targeted Attacks. Trend Micro. [December 18, 2020]. Archived from the original on December 15, 2020.
- Hackers' Monthslong Head Start Hamstrings Probe of U.S. Breach. Bloomberg. December 18, 2020 [December 18, 2020]. Archived from the original on 2021-04-19.
- Hacked networks will need to be burned 'down to the ground'. The Independent. December 18, 2020 [2021-03-03]. Archived from the original on 2021-02-18.
- Satter, Raphael. Experts who wrestled with SolarWinds hackers say cleanup could take months - or longer. December 24, 2020.
- Biden taps trusted figures to lead US climate fight; FDA says Moderna vaccine is highly protective; SolarWinds hack fallout spreads. The World from PRX. [December 17, 2020]. Archived from the original on December 16, 2020.
- What Matters: The suspected Russian hack of the US government, explained. MSN. [December 17, 2020]. Archived from the original on December 16, 2020.
- Geller, Eric. The Big Hack: What we know, what we don't. Politico. 2020-12-17 [2020-12-19]. Archived from the original on 2021-01-26.
- Cohen, Zachary; Salama, Vivian; Fung, Brian. US officials scramble to deal with suspected Russian hack of government agencies. CNN. [December 18, 2020]. Archived from the original on December 16, 2020.
- Cimpanu, Catalin. Microsoft to quarantine SolarWinds apps linked to recent hack. ZDNet. [December 17, 2020]. Archived from the original on December 18, 2020.
- Dozier, Kimberly. U.S. Cyber Experts Scramble to Assess the Scope of the 'Hack of a Decade'. Time. 2020-12-18 [2020-12-19]. Archived from the original on 2021-05-15.
- As Understanding of Russian Hacking Grows, So Does Alarm. The New York Times. 2021-01-02 [2021-01-13]. Archived from the original on 2021-06-06.
- Nuclear weapons agency breached amid massive cyber onslaught. Politico. [December 17, 2020]. Archived from the original on December 17, 2020.
- Nuclear Weapons Agency Hacked in Widening Cyberattack – Report. Threatpost. [December 17, 2020]. Archived from the original on December 18, 2020.
- Goodin, Dan. Microsoft is reportedly added to the growing list of victims in SolarWinds hack. Ars Technica. December 17, 2020 [December 18, 2020]. Archived from the original on December 18, 2020.
- Department of Energy says it was hacked in suspected Russian campaign. NBC News. [December 18, 2020]. Archived from the original on December 18, 2020.
- US nuclear agency a target in 'massive' cyber attack on federal government by suspected Russian hackers. Sky News. [2021-03-03]. Archived from the original on 2021-02-18.
- Security experts warn of long-term risk tied to Energy Department breach. SC Media. December 21, 2020 [2021-03-03]. Archived from the original on 2021-01-26.
- Nakashima, Ellen. DHS, State and NIH join list of federal agencies — now five — hacked in major Russian cyberespionage campaign. The Washington Post. [December 17, 2020]. Archived from the original on December 16, 2020.
- Microsoft Says Russian Hackers Viewed Some of Its Source Code. The New York Times. 2020-12-31 [2021-01-13]. Archived from the original on 2021-06-07.
- Paul, Kari. DoJ confirms email accounts breached by SolarWinds hackers. The Guardian. 2021-01-06 [2021-01-13]. Archived from the original on 2021-04-17.
- Justice Department Says It's Been Affected by Russian Hack. SecurityWeek (Associated Press). January 6, 2021 [2021-01-11]. Archived from the original on 2021-01-22.
- Claburn, Thomas. JetBrains' build automation software eyed as possible enabler of SolarWinds hack. The Register. 2021-01-07 [2021-01-12]. Archived from the original on 2021-02-02.
- Widely Used Software Company May Be Entry Point for Huge U.S. Hacking. The New York Times. 2021-01-06 [2021-01-12]. Archived from the original on 2021-05-31.
- Gatlan, Sergiu. SolarWinds hackers had access to over 3,000 US DOJ email accounts. BleepingComputer. 2021-01-06 [2021-01-13]. Archived from the original on 2021-04-16.
- Stubbs, Jack; Satter, Raphael; Menn, Joseph. U.S. Homeland Security, thousands of businesses scramble after suspected Russian hack. Reuters. December 15, 2020 [December 18, 2020]. Archived from the original on December 15, 2020.
- Bing, Christopher. EXCLUSIVE-U.S. Treasury breached by hackers backed by foreign government – sources. Reuters. December 13, 2020 [December 18, 2020]. Archived from the original on December 15, 2020.
- The SolarWinds cyberattack: The hack, the victims, and what we know. BleepingComputer. [2021-03-03]. Archived from the original on 2021-05-29.
- Volz, Dustin. Federal Judiciary's Systems Likely Breached in SolarWinds Hack. The Wall Street Journal. 2021-01-07 [2021-01-12]. Archived from the original on 2021-06-07.
- SolarWinds Hack Compromises U.S. Courts Electronic Filings (1). Bloomberg Law. [2021-03-03]. Archived from the original on 2021-02-01.
- Miller, Maggie. Federal judiciary likely compromised as part of SolarWinds hack. The Hill. 2021-01-07 [2021-01-12]. Archived from the original on 2021-05-03.
- Krebs, Brian. Sealed U.S. Court Records Exposed in SolarWinds Breach. Krebs on Security. 2021-01-07 [2021-01-12]. Archived from the original on 2021-03-13.
- Starks, Tim. Federal courts are latest apparent victim of SolarWinds hack. CyberScoop. 2021-01-07 [2021-01-12]. Archived from the original on 2021-03-25.
- Clark, Mitchell. Federal courts go low-tech for sensitive documents following SolarWinds hack. The Verge. 2021-01-07 [2021-01-12]. Archived from the original on 2021-01-28.
- Kovacs, Eduard. Probe Launched Into Impact of SolarWinds Breach on Federal Courts. SecurityWeek. 2021-01-08 [2021-01-12]. Archived from the original on 2021-02-01.
- Gatlan, Sergiu. US Judiciary adds safeguards after potential breach in SolarWinds hack. BleepingComputer. 2021-01-07 [2021-01-13]. Archived from the original on 2021-04-16.
- Corfield, Gareth. US courts system fears SolarWinds snafu could have let state hackers poke about in sealed case documents. The Register. 2021-01-08 [2021-01-13]. Archived from the original on 2021-02-02.
- Stubbs, Jack; McNeill, Ryan. SolarWinds hackers broke into U.S. cable firm and Arizona county, web records show. Reuters. December 18, 2020 [2021-03-03]. Archived from the original on 2020-12-22.
- Stubbs, Jack. Hackers' broad attack sets cyber experts worldwide scrambling to defend networks. Reuters. 2020-12-19 [2021-03-03]. Archived from the original on 2021-02-15.
- Poulsen, Kevin; McMillan, Robert; Volz, Dustin. SolarWinds Hack Victims: From Tech Companies to a Hospital and University. The Wall Street Journal. December 21, 2020 [2021-03-03]. Archived from the original on 2021-06-07.
- Cisco Latest Victim of Russian Cyber-Attack Using SolarWinds. Bloomberg. December 18, 2020 [December 19, 2020]. Archived from the original on 2020-12-21.
- SolarWinds Supply Chain Hit: Victims Include Cisco, Intel. BankInfoSecurity. December 17, 2020 [December 19, 2020]. Archived from the original on 2021-01-18.
- Schmaltz, Trey. La. retirement system warned it may have been target of Russian hack; Cox also investigating. WBRZ. December 18, 2020 [2021-03-03]. Archived from the original on 2021-02-03.
- Menn, Joseph. Exclusive: Microsoft breached in suspected Russian hack using SolarWinds – sources. Reuters. December 18, 2020 [December 18, 2020]. Archived from the original on December 18, 2020.
- Cimpanu, Catalin. Microsoft confirms it was also breached in recent SolarWinds supply chain hack. ZDNet. [December 18, 2020]. Archived from the original on December 18, 2020.
- Bass, Dina. Microsoft Says Its Systems Were Exposed to SolarWinds Hack. Bloomberg. [December 18, 2020]. Archived from the original on December 18, 2020.
- Novet, Jordan. Microsoft was reportedly swept up in SolarWinds hack. CNBC. December 17, 2020 [December 18, 2020]. Archived from the original on December 18, 2020.
- Thomson, Iain. US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also installed backdoor. The Register. [2021-03-03]. Archived from the original on 2022-04-08.
- Microsoft acknowledges it was hacked via SolarWinds exploit. SlashGear. December 18, 2020 [2021-03-03]. Archived from the original on 2021-02-18.
- Robles, C. J. Microsoft, SolarWinds Hacking Can Be a National Security Issue?. Tech Times. December 17, 2020 [2021-03-03]. Archived from the original on 2020-12-18.
- Brewster, Thomas. SolarWinds Hack: Cisco And Equifax Amongst Corporate Giants Finding Malware... But No Sign Of Russian Spies. Forbes. [2021-03-03]. Archived from the original on 2021-02-18.
- SolarWinds hackers accessed Microsoft source code, the company says. CNBC. 2021-01-01 [2021-01-13]. Archived from the original on 2021-01-01.
  Modifying source code — which Microsoft said the hackers did not do — could have potentially disastrous consequences given the ubiquity of Microsoft products, which include the Office productivity suite and the Windows operating system. But experts said that even just being able to review the code could offer hackers insight that might help them subvert Microsoft products or services.
- Here's why it's so dangerous that SolarWinds hackers accessed Microsoft's source code. BGR. 2021-01-01 [2021-01-13]. Archived from the original on 2021-02-26.
  More than two weeks after the hacks, Microsoft disclosed that the attackers were able to access a critical piece of software, the source code from one or more undisclosed products. Microsoft explained in a blog post that the hackers were not able to modify the source code. But even just a glance at a source code from a company like Microsoft might be enough for hackers to develop new attacks that compromise other Microsoft products. ... Microsoft's blog post is meant to reassure governments and customers, but the fact remains that hackers might be in possession of the kind of secrets they shouldn't have access to. Time will tell if gaining access to Microsoft's source code will allow the same team of attackers to create even more sophisticated hacks.
- Software Giant Admits That SolarWinds Hackers Viewed Microsoft Source Code. CPO Magazine. 2021-01-07 [2021-01-13]. Archived from the original on 2021-01-26.
  Microsoft disclosed [that] the hacking group behind the SolarWinds attack also viewed Microsoft source code for unnamed products. ... Microsoft, however, downplayed the breach, saying that the security of its products does not depend on the secrecy of its source code. Contrarily, Microsoft source code for most high-profile products remains to be among the most jealously guarded corporate secrets, shared only with a few trusted customers and governments.
- Stanley, Alyse. Microsoft Says SolarWinds Hackers Also Broke Into Company's Source Code. Gizmodo. 2020-12-31 [2021-01-13]. Archived from the original on 2021-01-27.
  While hackers may not have been able to change Microsoft's source code, even just sneaking a peek at the company's secret sauce could have disastrous consequences. Bad actors could use that kind of insight into the inner workings of Microsoft's services to help them circumvent its security measures in future attacks. The hackers essentially scored blueprints on how to potentially hack Microsoft products.
- Bradley, Susan. SolarWinds, Solorigate, and what it means for Windows updates. Computerworld. 2021-01-04 [2021-01-13]. Archived from the original on 2021-03-22.
  Microsoft investigated further and found that while the attackers were not able to inject themselves into Microsoft's ADFS/SAML infrastructure, 'one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made.' This is not the first time Microsoft's source code has been attacked or leaked to the web. In 2004, 30,000 files from Windows NT to Windows 2000 leaked onto the web via a third party. Windows XP reportedly leaked online last year.
- Satter, Raphael. Microsoft says SolarWinds hackers were able to view its source code but didn't have the ability to modify it. Business Insider. 2020-12-31 [2021-01-13]. Archived from the original on 2021-01-14.
  Ronen Slavin, [chief technology officer at source code protection company Cycode], said a key unanswered question was which source code repositories were accessed. ... Slavin said he was also worried by the possibility that the SolarWinds hackers were poring over Microsoft's source code as prelude for something more ambitious. 'To me the biggest question is, "Was this recon for the next big operation?"' he said.
- Spring, Tom. Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes. Threatpost. 2021-01-12 [2021-01-13]. Archived from the original on 2021-04-01.
  Last month, Microsoft said state-sponsored hackers had compromised its internal network and leveraged additional Microsoft products to conduct further attacks.
- Email security firm Mimecast says hackers hijacked its products to spy on customers. Reuters. 2021-01-12 [2021-01-13]. Archived from the original on 2021-01-12.
  Three cybersecurity investigators, who spoke on condition of anonymity to discuss details of an ongoing probe, told Reuters they suspected the hackers who compromised Mimecast were the same group that broke into U.S. software maker SolarWinds and a host of sensitive U.S. government agencies.
- Mimecast Discloses Certificate Incident Possibly Related to SolarWinds Hack. SecurityWeek. 2021-01-13 [2021-01-13]. Archived from the original on 2021-03-17.
  According to Mimecast, it learned from Microsoft that hackers had compromised a certificate used to authenticate Mimecast Continuity Monitor, Internal Email Protect (IEP), and Sync and Recover products with Microsoft 365 Exchange Web Services. ... The company has not shared any details about the attacks abusing the compromised certificate, but some experts have speculated that the certificate may have allowed the hackers to intercept Mimecast customers' communications. ... According to Reuters, people with knowledge of the situation believe this incident may be related to the recently disclosed supply chain attack involving Texas-based IT management solutions provider SolarWinds.
- Seals, Tara. Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack. Threatpost. 2021-01-12 [2021-01-13]. Archived from the original on 2021-03-17.
  Mimecast provides email security services that customers can apply to their Microsoft 365 accounts by establishing a connection to Mimecast's servers... A compromise means that cyberattackers could take over the connection, through which inbound and outbound mail flows, researchers said. It would be possible to intercept that traffic, or possibly to infiltrate customers' Microsoft 365 Exchange Web Services and steal information. 'The attack against Mimecast and their secure connection to Microsoft's Office 365 infrastructure appears to be the work of the same sophisticated attackers that breached SolarWinds and multiple government agencies,' Saryu Nayyar, CEO at Gurucul, said via email.
- SolarWinds attackers suspected in Microsoft authentication compromise. SC Media. 2021-01-12 [2021-01-13]. Archived from the original on 2021-02-27.
- Spadafora, Anthony. Mimecast may also have been a victim of the SolarWinds hack campaign. TechRadar. 2021-01-12 [2021-01-13]. Archived from the original on 2021-01-13.
  The reason that Mimecast may have been attacked by the same threat actor behind the SolarWinds hack is due to the fact that these hackers often add authentication tokens and credentials to Microsoft Active Directory domain accounts in order to maintain persistence on a network and to achieve privilege escalation.
- McMillan, Robert. SolarWinds Hackers' Attack on Email Security Company Raises New Red Flags. The Wall Street Journal. 2021-01-13 [2021-01-13]. Archived from the original on 2021-06-07.
  The Mimecast hackers used tools and techniques that link them to the hackers who broke into Austin, Texas-based SolarWinds Corp., according to people familiar with the investigation. The link to the SolarWinds hackers was reported earlier by Reuters.
- Four security vendors disclose SolarWinds-related incidents. 2021-01-26 [2021-02-01]. Archived from the original on 2021-03-04.
  This week, four new cyber-security vendors -- Mimecast, Qualys, Palo Alto Networks, and Fidelis -- have added their names to the list of companies that have installed trojanized versions of the SolarWinds Orion app.
- fireeye/red_team_tool_countermeasures. GitHub. [December 17, 2020]. Archived from the original on December 16, 2020.
- Microsoft to quarantine compromised SolarWinds binaries tomorrow. BleepingComputer. [December 17, 2020]. Archived from the original on December 16, 2020.
- Grid regulator warns utilities of risk of SolarWinds backdoor, asks how exposed they are. CyberScoop. December 23, 2020 [2021-03-03]. Archived from the original on 2021-02-16.
- Brandom, Russell. SolarWinds hides list of high-profile customers after devastating hack. The Verge. December 15, 2020 [December 16, 2020]. Archived from the original on December 16, 2020.
- Varghese, Sam. Backdoored Orion binary still available on SolarWinds website. iTWire. [2021-03-03]. Archived from the original on 2020-12-14.
- Class Action Lawsuit Filed Against SolarWinds Over Hack. SecurityWeek. 2021-01-06 [2021-01-13]. Archived from the original on 2021-02-01.
- McCarthy, Kieren. Ah, right on time: Hacker-slammed SolarWinds sued by angry shareholders. The Register. 2021-01-05 [2021-01-13]. Archived from the original on 2021-03-17.
- SolarWinds Taps Firm Started by Ex-CISA Chief Chris Krebs, Former Facebook CSO Alex Stamos. SecurityWeek. 2021-01-08 [2021-01-13]. Archived from the original on 2021-02-19.
- Vaughan-Nichols, Steven J. SolarWinds defense: How to stop similar attacks. ZDNet. 2021-01-14 [2021-01-15]. Archived from the original on 2021-03-10.
- US government agencies, including Treasury, hacked; Russia possible culprit. WTVD. December 14, 2020 [December 15, 2020]. Archived from the original on December 14, 2020.
- Geller, Eric. 'Massively disruptive' cyber crisis engulfs multiple agencies. Politico. [December 16, 2020]. Archived from the original on December 16, 2020.
- US vows 'swift action' if defense networks hit by alleged Russia hack. Newsweek. December 14, 2020 [December 16, 2020]. Archived from the original on December 16, 2020.
- FBI, CISA, ODNI Describe Response to SolarWinds Attack. SecurityWeek. [December 18, 2020]. Archived from the original on December 18, 2020.
- Satter, Raphael. U.S. cyber agency says SolarWinds hackers are 'impacting' state, local governments. December 24, 2020 [2021-03-03]. Archived from the original on 2021-01-01.
- Daugherty, Alex. Intel chairman Rubio says 'America must retaliate' after massive cyber hack. Miami Herald. December 18, 2020 [2021-03-03]. Archived from the original on 2020-12-27.
- Dwyer, Colin. Pompeo Says Russia 'Pretty Clearly' Behind Cyberattack, Prompting Pushback From Trump. NPR. December 19, 2020 [December 20, 2020]. Archived from the original on 2021-06-03.
- Lawmakers want more transparency on SolarWinds breach from State, VA. CyberScoop. December 23, 2020 [2021-03-03]. Archived from the original on 2021-01-26.
- Veterans Affairs Officials Inexplicably Blow Off Briefing on SolarWinds Hack. Gizmodo. [2021-03-03]. Archived from the original on 2021-01-21.
- Hacking campaign targeted US energy, treasury and commerce agencies. The Guardian. December 17, 2020 [December 18, 2020]. Archived from the original on December 17, 2020.
- Colvin, Jill; Lee, Matthew. Trump downplays Russia in first comments on hacking campaign. Associated Press. December 19, 2020. Archived at the Internet Archive.
- Sink, Justin. Trump Downplays Huge Hack Tied to Russia, Suggests China. Bloomberg News. December 19, 2020. Archived at the Internet Archive.
- Canales, Katie. Former US cybersecurity chief Chris Krebs warned not to 'conflate' voting system security with SolarWinds hack despite Trump's claim. Business Insider. December 19, 2020 [December 20, 2020]. Archived from the original on 2020-12-20.
- Bing, Christopher. Trump downplays impact of massive hacking, questions Russia involvement. Reuters. 2020-12-19 [2021-03-03]. Archived from the original on 2021-01-04.
- Russia Could Fake Government Emails After SolarWinds Hack: Ex-Trump Adviser Thomas Bossert. MSN. [December 17, 2020]. Archived from the original on December 18, 2020.
- Pierce, Charles P. Somebody Was Asleep at the Switch Here. Esquire. December 15, 2020 [December 17, 2020]. Archived from the original on December 17, 2020.
- 'They potentially have the capacity to cripple us': Romney raises alarm about cyberattack tied to Russia. USA Today. December 20, 2020. Archived at the Internet Archive.
- Satter, Raphael. Biden chief of staff says hack response will go beyond 'just sanctions'. Reuters. 2020-12-20 [2020-12-20]. Archived from the original on 2021-04-07.
- Biden Says Hack of U.S. Shows Trump Failed at Cybersecurity. December 22, 2020 [2021-03-03]. Archived from the original on 2022-04-07.
- Lewis, Simon. Trump must blame Russia for cyber attack on U.S., Biden says. Reuters. December 23, 2020 [2021-03-03]. Archived from the original on 2021-01-21.
- Biden to Restore Homeland Security and Cybersecurity Aides to Senior White House Posts. The New York Times. 2021-01-13 [2021-01-13]. Archived from the original on 2021-03-29.
  President-elect Joseph R. Biden Jr., facing the rise of domestic terrorism and a crippling cyberattack from Russia, is elevating two White House posts that all but disappeared in the Trump administration: a homeland security adviser to manage matters as varied as extremism, pandemics and natural disasters, and the first deputy national security adviser for cyber and emerging technology. ... Mr. Trump dismantled the National Security Council's pandemic preparedness office, and while he had an active cyberteam at the beginning of his term, it languished. 'It's disturbing to be in a transition moment when there really aren't counterparts for that transition to be handed off,' Ms. Sherwood-Randall said. ... The SolarWinds hacking, named after the maker of network management software that Russian intelligence agents are suspected of having breached to gain access to the email systems of government agencies and private companies, was a huge intelligence failure.
- Corera, Gordon. SolarWinds: UK assessing impact of hacking campaign. BBC News. December 18, 2020 [December 18, 2020]. Archived from the original on 2021-03-11.
- UK organisations using SolarWinds Orion platform should check whether personal data has been affected. ico.org.uk. December 23, 2020 [2021-03-03]. Archived from the original on 2021-01-27.
- CSE warns companies to check IT systems following SolarWinds hack. CBC News. 2020-12-19 [2020-12-25]. Archived from the original on 2021-03-30.
- Canadian Centre for Cyber Security. Canadian Centre for Cyber Security. August 15, 2018 [2021-03-03]. Archived from the original on 2021-05-24.
- Wolfe, Jan. Explainer-U.S. government hack: espionage or act of war?. Reuters. 2020-12-19 [2020-12-19]. Archived from the original on 2023-03-25.
- Dilanian, Ken. Suspected Russian hack: Was it an epic cyber attack or spy operation?. NBC News. 2020-12-18 [2020-12-19]. Archived from the original on 2021-03-11.
- Borghard, Erica; Schneider, Jacquelyn. Russia's Hack Wasn't Cyberwar. That Complicates US Strategy. Wired. [December 17, 2020]. Archived from the original on December 18, 2020.
- Goldsmith, Jack. Self-Delusion on the Russia Hack. The Dispatch. [2021-03-03]. Archived from the original on 2021-05-16.
- Russia's SolarWinds Operation and International Law. Just Security. December 21, 2020 [2021-03-03]. Archived from the original on 2021-05-29.
- Microsoft president calls SolarWinds hack an 'act of recklessness'. Ars Technica. December 18, 2020 [December 18, 2020]. Archived from the original on 2021-05-07.
- US cyber-attack: US energy department confirms it was hit by Sunburst hack. BBC News. December 18, 2020 [December 18, 2020]. Archived from the original on 2021-06-06.
- Schneier, Bruce. The US has suffered a massive cyberbreach. It's hard to overstate how bad it is. December 23, 2020 [2021-03-03]. Archived from the original on 2021-05-07.
- Kolbe, Paul R. Opinion: With Hacking, the United States Needs to Stop Playing the Victim. December 24, 2020 [2021-03-03]. Archived from the original on 2021-05-19.
- Kaplan, Fred. The Government Has Known About the Vulnerabilities That Allowed Russia's Latest Hack for Decades—and Chose Not to Fix Them. Slate. December 18, 2020 [2021-03-03]. Archived from the original on 2021-05-16.
- Kaplan, Fred. Should the U.S. Retaliate for Russia's Big Hack?. Slate. December 23, 2020 [2021-03-03]. Archived from the original on 2021-05-06.