My team and I talked about why the SolarWinds attack mattered.
Team 1
Team members: David Daniel, Hannah Johnson, Jayce Clancey, and Tiani Reynolds
CYSE 200T
October 7, 2024
The SolarWinds Compromise and Its Significance
Location of information: https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know
BLUF
Hackers targeted SolarWinds, placing harmful code into the management software and Orion IT monitoring system. Both of these systems are used by thousands of people and companies around the world, which led to many companies and supply chains being hacked, with even organizations within the government experiencing the effects.
What was the attack?
The SolarWinds compromise was a supply chain cyber operation conducted by the Russian threat group APT29. They used tactics such as password spraying, token theft, API abuse, spear phishing, and other supply chain attack strategies to compromise the data of more than 30,000 public and private organizations, including local, state, and federal agencies, that used the Orion network management system to manage their IT resources. The hack exposed the inner workings of Orion users, allowing the hackers to gain access to the data and networks of their customers and partners. The hack lasted from August 2019 through January 2021 and was also known as the “SUNBURST” attack.
Why was this important?
This was important because it was a wake-up call for the global cybersecurity community. It forced organizations to update their security practices and highlighted their weaknesses. It helped organizations identify what they need to update to become more secure, so that an attack like this doesn’t happen again.
Conclusion
In conclusion, the SolarWinds compromise was a huge Russian supply chain attack that compromised 30,000 public and private organizations, including local, state, and federal agencies. Even though this was a huge attack and organizations spent a lot of money to recover from it, these companies used it as a learning opportunity to improve their systems and minimize cyber risks in the future.