One of the most sophisticated and largest hacks of American government systems in recent years. This is how the media dubbed the hacker attack on several US ministries, the scale of which later turned out to be much more impressive than initially thought. She was linked to SolarWinds software and, of course, Russian hackers.

The first reports of the attack appeared on December 13. Initially, it was about the systems of the Ministry of Finance and one of the departments of the US Department of Commerce — the attackers tracked the internal mail of the departments for months. However, even then the media started talking that this could be just the tip of the iceberg.

Almost every day, new victims were added to the list of government departments and private companies affected by the attack. Among them are Microsoft, FireEye, Cisco, as well as the State Department, the Department of Homeland Security, the US Department of Energy and others.

Hackers “sponsored by a foreign state” were blamed for the attack. The culprits did not have to look for long. Almost immediately, they pointed to the specific state allegedly behind the incident — Russia.

ForkLog figured out the specifics of the attack on the SolarWinds software vendor, which started it all.

Hackers infected a malware platform from SolarWinds. It was used by many departments and companies — the infected version was installed by about 18,000 SolarWinds customers.

The responsibility for hacking the American media and intelligence agencies involved in the investigation are blamed on “Russian hackers.”

The true extent of the damage is still unknown — it turned out that the SolarWinds attackers also compromised companies that did not use SolarWinds products.

Hacking SolarWinds — a puzzle of many details

On December 8, one of the most famous cybersecurity companies, FireEye, announced that it itself had suffered from a hacker attack. The attackers gained access to the tools that FireEye used to test the security of its customers’ networks.

“This theft is comparable to if bank robbers, having “cleaned out” the vaults, returned and stole FBI tools to investigate the robbery,” The New York Times wrote.

The CEO of the company, Kevin Mandia, said that “sophisticated attackers are behind the hacking, whose discipline and methods suggest that this was a state-sponsored attack.”

Later it turned out that FireEye was not the only target of hackers — she became one of the many victims of the attack on the SolarWinds software vendor, which became known later. FireEye itself joined the investigation of the incident.

SolarWinds is a large American IT company that develops software for many state-owned enterprises and private firms to manage their networks, systems and infrastructure.

After the first media reports began to appear about the penetration of hackers into government systems, the company asked users to urgently update the Orion platform.