SolarWinds gov't hack hit Pima County servers
Feds call Orion network software backdoors a 'grave risk' to gov't agencies, private companies
Secret "backdoors" that allowed hackers to spy on supposedly secure computers not only targeted U.S. government agencies and major corporations, but hit smaller targets such as Pima County networks. Local officials said they do not have evidence any information was leaked from the holes placed in network monitoring programs.
The hack of SolarWinds networking software, which has hit computers around the world, extended into the servers of Pima County government agencies, officials confirmed Friday.
As first reported by Reuters, the "sprawling cyber-espionage campaign" not only wormed its way into the computers of the State, Defense and Homeland Security departments of the federal government, the CDC, and prominent networks in dozens of countries, but hit the county as well.
The county acknowledged Friday afternoon that it had been a target, but refused to detail the extent of the attack on its networks.
"We have no indication any data was stolen," said Pima County Chief Information Officer Dan Hunt.
"As soon as we were notified that SolarWinds had an issue, we unplugged every device running the software, and removed the agent from every device in our network as recommended by the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency," Hunt said. "We are following proper protocol and have not been able to verify that there was any data breach."
U.S. officials have pointed to Russia as responsible for the extensive hacking effort, which placed malicious code inside updates to common networking software, in order to later have entry points to computer systems, calling it a "grave risk" to the federal government.
According to Reuters, publicly accessible Internet records indicate that the backdoors in the county's installation of the Orion network monitoring software made by SolarWinds were "activated in June and July this year, the peak of the hacking activity so far identified by investigators."
More than 18,000 users around the world were affected by the hack. There are no indications that Pima County was specifically targeted by the effort, which affected all users who downloaded and installed the infected software. Internet address records show that it's likely state and local governments across the country are among those hit by the hacked software.
As the fallout continued to roil Washington on Thursday, with a breach confirmed at the U.S. Energy Department, U.S. officials warned that the hackers had used other attack methods and urged organisations not to assume they were protected if they didn’t use recent versions of the SolarWinds software.
Microsoft, which was one of the thousands of companies to receive the malicious update, said it had so far notified more than 40 customers whose networks were further infiltrated by the hackers.
Around 30 of those customers were in the United States, it said, with the remaining victims found in Canada, Mexico, Belgium, Spain, Britain, Israel and the United Arab Emirates. Most worked with information technology companies, as well as some think tanks and government organisations.
Through a spokesman, Pima County declined to make Hunt available for further questions about the hack.
Also hit by the hacking effort were the Treasury and Commerce departments, the Energy Department and Nuclear Security Administration, and companies such as AT&T, Mastercard, Comcast, Cox Communications and more.
The federal Cybersecurity and Infrastructure Security Agency said Thursday that it had "determined that this threat poses a grave risk to the federal government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations."