 |
| SolarWind's hack affects local governments in the United States |
The US Cybersecurity and Infrastructure Security Agency (CISA) said the widespread attack on computer management company SolarWinds caused unprecedented attacks on the system.
The agency said the widespread cyber espionage announced earlier this month had affected state and local governments, although it released other details as well.
This hacking campaign is being used by US tech company SolarWinds as a springboard for entry into the federal government network and affecting corporate networks of federal, state and local governments, as well as critical infrastructure companies and other corporations. Spread.
The US Cybersecurity and Infrastructure Agency (CISA) said last week that those affected include US government agencies, critical infrastructure companies, and private companies, but without specifically mentioning the government or local agencies.
So far, a few federal agencies have officially confirmed its influence, including the US Treasury, Department of Commerce and Energy Department.
The US Cybersecurity and Infrastructure Security Agency (CISA) has not specified the state or local authority involved.
Reuters reported earlier that Pima County, Arizona, was a victim of the invasion.
The regional media official told Reuters previously: After the hack, his team stopped the SolarWinds project, and the investigators did not find any other evidence of the violations.
Senior US officials and lawmakers claimed that Russia was the main culprit in the wave of piracy and that the Russian Foreign Intelligence Service (SVR) carried out piracy attacks. The Kremlin denied this claim.
The agency is investigating signs of abuse of standard open tokens that are used to exchange authentication and authorization data between identity providers and SAML service providers so that different programs can connect and log in once to access different services.
SolarWinds said: Between March and June of this year, nearly 18,000 customers received software updates that contained malware.
Law enforcement hacking services have the resources, patience, and expertise to access highly sensitive information and its privileges without verification, CISA said.