The Ministry of Defence in Whitehall has ordered an urgent review to check the extent to which British systems have been compromised, after it emerged this week that sophisticated hackers have had access to the American government’s top secrets for months. The finger of blame has been pointed at Russia.
Initial analysis suggests the hackers gained access via the cybersecurity company SolarWinds, whose software is used by numerous US government agencies. When SolarWinds was compromised, hackers implanted a backdoor into a software update which was then downloaded by US departments as well as a plethora of private companies, allowing the hackers to access their systems.
A second cybersecurity firm, FireEye, was the subject of a similar hack, although it is used by fewer official government networks. Robert Fox reported for Reaction on this, on Wednesday. Read it here.
Now, however, there are fears that the hack went much further than SolarWinds, and is much more serious than previously thought. In a statement, the cybersecurity division in the Department of Homeland Security, CISA, has warned that the breach came as a result of several lines of attack. “CISA has evidence of additional initial access vectors, other than the SolarWinds platform; however, these are still being investigated,” the statement said.