SolarWinds hack may have affected 18,000 customers, vendor says
National Security Council meeting convened after security vendor hacking breach infects US federal networks
US government agencies are among 18,000 institutions that may have been affected by a breach of SolarWinds' Orion platform.
According to Reuters, US sources identifying the breaches believe the hackers could be state actors working for Russia, an assertion the Russian embassy in the US has vehemently denied.
The hackers are believed to have been monitoring internal email traffic at the US Treasury, Commerce and Defence departments.
The department which manages cybersecurity for the US government, Homeland Security, is also believed to have been affected.
SolarWinds Orion says 18,000 of its 300,000 customers may have been affected.
The platform software gives IT staff access to computers on customer networks remotely.
The US vendor has issued a call for all customers to "immediately" upgrade their Orion Platform "to address a security vulnerability".
In a statement, it added: "We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack."
The US federal agencies' networks appear to have been exposed through a "supply-chain attack".
Hackers are believed to have tampered with updates released by SolarWinds, hiding malicious code within legitimate software.
The hack comes just a week after another vendor providing cybersecurity for US government agencies, FireEye, fell victim to a large-scale "state-sponsored" hack.
FireEye CEO Kevin Mandia said the sabotage mainly went after information related to FireEye's government customers.
A US National Security Council meeting was convened over the weekend to discuss the SolarWinds breach, and the FBI has started an investigation.
The UK's security agency GCHQ has said that it too is assessing any impact on its own networks.
As of Wednesday, Microsoft has also issued a notice that it will be quarantining malicious versions of SolarWinds Orion.
"Starting on Wednesday, December 16 at 8:00 AM PST, Microsoft Defender Antivirus will begin blocking the known malicious SolarWinds binaries," the vendor said in an update.
"This will quarantine the binary even if the process is running. We also realise this is a server product running in customer environments, so it may not be simple to remove the product from service."
In another twist, the Washington Post is now reporting that SolarWinds shareholders traded $280m in stock just days before the hack was made public.
SolarWinds shares have tumbled almost 20 per cent off the back of cyber attack news.