U.S. government agencies were told to check their networks for malware and compromised servers. Cyber attacks by Russian or Chinese hackers are suspected.
According to sources, these agencies were told to check for compromised data, malware, and servers that should be disabled, and to gather what information they can from them. To date, the Treasury and Commerce departments have been attacked in a monthlong cyber siege by either Chinese or Russian hackers.
The intrusion was detected after white hat hackers (ethical hackers) noticed suspicious activity in the data. The threat forced the Department of Homeland Security's cybersecurity arm to call for a check for all data leaks that had been active in computer networks for a long time. There are fears that the backdoor has been exploited by Chinese hackers more than by Russians, USA Today reported.
One cybersecurity expert, Dmitri Alperovitch, said that foreign hackers actively get into government networks in the United States, and that the problem may be more severe than thought.
FireEye, a cybersecurity company, was hacked but cannot tell whether the attackers are Chinese or Russian. They suspect Russia as the culprit, but other governments such as China also intend to get information from the United States, as schools are targeted. Pompeo, at a recent talk, revealed that China is active in the subversion of colleges through money.
Reuters got the scoop less than a week after FireEye disclosed that foreign hackers in Beijing or Moscow had entered its networks. Its own hacking tool was hacked by the hackers, which is serious.
Hackers of unknown origin used server software from SolarWinds to get past the firewalls of the Treasury and Commerce departments, as well as FireEye.
Weaponizing the software has wide implications because many servers worldwide use it. It puts in danger more than Fortune 500 companies and multiple U.S. federal agencies that need to patch the network weakness.
Alperovitch said that a patch is needed to prevent any backdoors from being used to steal data. SolarWinds tweeted recently as a result.
Per the DHS directive, which is only the fifth made since 2015, all U.S. agencies must turn off all machines with compromised hardware running SolarWinds software.
FireEye had no specific culprits in mind and stated that it is a global campaign by an unidentified hegemony going after government networks and companies. It speculated that the campaign began in spring, when the malware was put into an update of the SolarWinds software by a human or by other means.
One piece of the malware gets remote access to the target network; the backdoor is created via SolarWinds. It gives a 'God-mode' view of all the data on the web.
John Hultquist, director of threat analysis at FireEye, says that it might foreshadow a more significant backdoor into the network. The attackers might be Chinese for all we know, and they are still probing silently until targets of opportunity come by.
The already flawed software is distributed to 300,000 SolarWinds users, which include the U.S. military, the Pentagon, the State Department, NASA, the National Security Agency, the Department of Justice, and the White House.
But it gets worse: ten of the U.S. telecommunications companies and the top five U.S. accounting firms are also among its customers. Initially, Russia is the top suspect, but China cannot be discounted.