Brendan McDevitt

My thoughts on the SolarWinds hack

A worst case scenario

What if a threat actor was able to compromise a software program that gave operators insight into the systems that live on a network? A network map if you will as well as host up/down checking abilities. Oh, and a centralized storage place for credentials? What if the government (and a whole bunch of other companies with sensitive information) ran this software across most of its infrastructure?

Well, that software was SolarWinds, and it has been owned. The attack is believed to be a nation-state operation carried out by the Russian hacking group APT29/CozyBear. They have compromised many internal government networks, and work is ongoing to investigate the damage to companies and government agencies alike.

As I am fairly fresh into a new security research position at Kenna Security, I want to begin with the realization that targeted hacking has been going on for years. Information control is everything in the world today, and the United States intelligence agencies have developed the systems to capture and collect a whole bunch of data. This will always be a target for foreign nation states. Systems will need to be rebuilt from scratch, and systems need to start being forensically imaged/copied and analyzed by incident response teams and really, really skilled hackers and programmers, both to rebuild things in a much more secure manner and to track the nation-state hackers' footprints.

Everybody in this space who is responsible for securing infrastructure needs to always have a paranoid mindset and understand the reality of the world we are in today. SolarWinds will not be the last example of this as the future unfolds.

Source list: