Scope, Damage of Massive Russian Hack Still Uncertain

Experts say that today, five days after the massive Russian hack was discovered, it is still not possible to accurately assess the scope of the attack or the size of the damage. Since March, nearly 18,000 customers have installed the compromised version of SolarWinds’s software.

Experts say that Sunburst was only the means of entry into the organizations’ computer systems. What is not yet clear, beyond which of SolarWinds’s clients were actually compromised, is how long each breach lasted and whether the hackers left behind other forms of malware.

“We think the number who were actually compromised were in the dozens,” Charles Carmakal, a senior vice president at FireEye, told the New York Times. “But they were all the highest-value targets.”

The list of actual victims may be limited, but the scope and severity of the espionage operation will remain unclear until the nature of the information exfiltrated is identified. This is not going to be easy: by planting Sunburst inside networks, the Russian hackers were in a position to survey those networks for months. This would have given them ample time and opportunity to move laterally, conceal themselves, and erase their tracks. “Removing this malicious actor from compromised networks will be a highly complex task and a challenge for organizations,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned in an alert issued Thursday.

This past week, cyber experts in many countries have been working feverishly to separate the actual victims of the Russian attack from the organizations that installed the compromised SolarWinds product and allowed Sunburst into their systems, but whose networks were never further exploited.

The process may take weeks, even months. It is complicated by the fact that the hackers relied on additional tooling beyond the compromised SolarWinds software for their espionage operation.

On Thursday, President-elect Joe Biden expressed his “great concern” about the events. “The management of this leak will be a major priority as soon as we get to business,” he said.

President Trump has ignored the Russian attack.

Senator Ron Wyden (D-Oregon), who is a member of the Senate Intelligence Committee, said he feared “a massive national security failure, which could have ramifications for years.” He added: “I’m afraid the damage will be more serious than what is known today.”

“The magnitude of this national security breach is hard to overstate,” said Thomas Bossert, Trump’s former cybersecurity adviser. Writing in the New York Times, he said:

The Russians have had access to a considerable number of important and sensitive networks for six to nine months. The Russian S.V.R. will surely have used its access to further exploit and gain administrative control over the networks it considered priority targets. For those targets, the hackers will have long ago moved past their entry point, covered their tracks and gained what experts call “persistent access,” meaning the ability to infiltrate and control networks in a way that is hard to detect or remove.

While the Russians did not have the time to gain complete control over every network they hacked, they most certainly did gain it over hundreds of them. It will take years to know for certain which networks the Russians control and which ones they just occupy.

Senator Richard Blumenthal (D-Connecticut), after a closed-door meeting of the Senate Intelligence Committee in which members were briefed by the intelligence community, said he was “deeply alarmed, and even downright frightened.”