London Daily

Focus on the big picture.
Wednesday, Sep 17, 2025

What We Think Know About suspected Russia's Latest Alleged Hack Of The U.S. Government

What We Think Know About suspected Russia's Latest Alleged Hack Of The U.S. Government

The list of affected agencies is growing by the day. The full extent of the damage is still not clear, and U.S. authorities have provided few details.
Russian government hackers are believed to be responsible for infiltrating computer systems at multiple U.S. agencies in recent months, including the Pentagon, the Department of Homeland Security and the Department of the Treasury, according to government agencies and media reports. Russia has denied the accusations.

The hack hinged on a vulnerability on a software monitoring product from SolarWinds, a company based in Austin, Texas. The company works widely with the federal government and hundreds of large U.S. companies. Many use SolarWinds' Orion software to monitor their computer networks.

SolarWinds has some 300,000 customers, but says "fewer than 18,000" installed the version of its Orion products earlier this year that now appear to have been compromised.

So far, the list of affected U.S. government entities includes: The Commerce Department; Department of Homeland Security; the Pentagon; the Treasury Department; the U.S. Postal Service; and the National Institutes of Health.

The incident is the latest in what has become a long list of suspected Russian electronic incursions into other nations – particularly the U.S. – under President Vladimir Putin. Multiple countries say Russia was previously found to have used hackers, bots and other means in attempts to influence elections in the U.S. and elsewhere.

Many U.S. national security agencies made major efforts to prevent Russia from interfering in this year's election. But those same agencies seem to have been blindsided by news that hackers — suspected to be Russia's foreign intelligence service, the SVR — were digging around inside U.S. government systems, possibly since the spring.

"It's as if you wake up one morning and suddenly realize that a burglar has been going in and out of your house for the last six months," said Glenn Gerstall, who was the National Security Agency's general counsel from 2015 to 2020.

Describing some of the detective work that's now taking place, he added, "You'd have to go back and look at every room to see what was taken, what might have been touched. And of course, that's just a horrifying thought."

The intruders were very careful to cover their tracks, Gerstall said.

"You couldn't tell that they came in, you couldn't tell that they left the back door open. You couldn't even tell necessarily when they came in, took a look around and when they left."

To carry out the attack, hackers exploited the supply chain that SolarWinds uses to distribute software updates. The company says it has proof that when it sent updates to customers between March and June 2020, the updates to the Orion products also included malware that gave hackers access.

Microsoft has now taken control of the domain name that hackers used to communicate with systems that were compromised by the Orion update, according to security expert Brian Krebs. The company's analysis, he adds, should help reveal the scope of the affected companies and agencies.

So far, some U.S. government departments and agencies have acknowledged they are investigating the breaches, but have provided few details. The White House has been silent about the suspected Russian hack.

"This SolarWinds hack is very problematic, very troublesome, because it's not at all clear exactly how we should respond," Gerstall said. Part of the problem, he added, is that it's not clear what the hackers did after gaining access.

"This is not a question of someone manipulating software to open dams or turn off electric grids," Gerstall said. "It's not even clear that this is necessarily an attack designed to steal intellectual property the way China, for example, has stolen everything from patents for solar panels to the blueprints for fighter jets."

The intrusion could simply be a case of espionage, he said, of one government trying to understand what their adversary is doing.

Here's what key players are saying about the case:

SolarWinds: The company says, "We have been advised that this incident was likely the result of a highly sophisticated, targeted, and manual supply chain attack by an outside nation state, but we have not independently verified the identity of the attacker."

In an SEC filing, the company says it is cooperating with the FBI, the U.S. intelligence community and other agencies to investigate the breach.

SolarWinds says it was alerted to an "attack vector" that targeted its emails and other office productivity tools. The company adds that it uses Microsoft Office 365 for its office tools.

SolarWinds says it's working with Microsoft to determine if any customer data was exfiltrated, but it adds that so far, they have not found signs of stolen data.

The company says customers affected by the vulnerability should upgrade to the latest versions of its software "as soon as possible to ensure the security of your environment."

FireEye: The cybersecurity firm announced last week that a "highly sophisticated state-sponsored adversary" stole its "red team" tools, which are used to test security vulnerabilities in its customers' computer networks. FireEye's clients include government agencies.

The company says it's working with the FBI, Microsoft, and SolarWinds. And in an update issued late Sunday, FireEye said it has identified signs of compromised security in "multiple organizations," dating back to the spring of 2020. It also confirms others' findings of a sophisticated and meticulous attack.

"Our analysis indicates that these compromises are not self-propagating; each of the attacks require meticulous planning and manual interaction," FireEye said.

Microsoft: "We believe this is nation-state activity at significant scale, aimed at both the government and private sector," the company said, as it shared some details about what it calls "the threat activity we've uncovered over the past weeks."

Microsoft says the malicious code in the SolarWinds update gave hackers a foothold in the target's computer network, "which the attacker can use to gain elevated credentials." It adds that its Microsoft Defender software can now detect the files used in the hack.

The company applauded other firms for being open and transparent in revealing the hacking attacks, saying it will help others boost their security. As for Microsoft itself, the company said that so far, it hasn't "found evidence of a successful attack" in its own systems.

Cybersecurity and Infrastructure Security Agency: CISA said on Sunday that it "is aware of active exploitation of SolarWinds Orion Platform software" that was released between March 2020 and June 2020. The agency is urging any affected organizations to take steps to detect intrusions, and take countermeasures.
Newsletter

Related Articles

0:00
0:00
Close
Hong Kong Industry Group Calls for HK$20 Billion Support Fund to Ease Property Market Stress
Joe Biden’s Post-Presidency Speaking Fees Face Weak Demand amid Corporate Reluctance
Charlie Kirk's murder will break the left's hateful cancel tactics
Kash Patel erupts at ‘buffoon’ Sen. Adam Schiff over Russiagate: ‘You are the biggest fraud’
Homeland Security says Emmy speech ‘fanning the flames of hatred’ after Einbinder’s ‘F— ICE’ remark
Charlie Kirk’s Alleged Assassin Tyler Robinson Faces Death Penalty as Charges Formally Announced
Actor, director, environmentalist Robert Redford dies at 89
The conservative right spreads westward: a huge achievement for 'Alternative for Germany' in local elections
JD Vance Says There Is “No Unity” with Those Who Celebrate Charlie Kirk’s Killing, and he is right!
Trump sues the 'New York Times' for an astronomical sum of 15 billion dollars
Florida Hospital Welcomes Its Largest-Ever Baby: Annan, Nearly Fourteen Pounds at Birth
U.S. and Britain Poised to Finalize Over $10 Billion in High-Tech, Nuclear and Defense Deals During Trump State Visit
China Finds Nvidia Violated Antitrust Laws in Mellanox Deal, Deepens Trade Tensions with US
US Air Force Begins Modifications on Qatar-Donated Jet Amid Plans to Use It as Air Force One
Pope Leo Warns of Societal Crisis Over Mega-CEO Pay, Citing Tesla’s Proposed Trillion-Dollar Package
Poland Green-Lights NATO Deployment in Response to Major Russian Drone Incursion
Elon Musk Retakes Lead as World’s Richest After Brief Ellison Surge
U.S. and China Agree on Framework to Shift TikTok to American Ownership
London Daily Podcast: London Massive Pro Democracy Rally, Musk Support, UK Economic Data and Premier League Results Mark Eventful Weekend
This Week in AI: Meta’s Superintelligence Push, xAI’s Ten Billion-Dollar Raise, Genesis AI’s Robotics Ambitions, Microsoft Restructuring, Amazon’s Million-Robot Milestone, and Google’s AlphaGenome Update
Le Pen Tightens the Pressure on Macron as France Edges Toward Political Breakdown
Musk calls for new UK government at huge pro-democracy rally in London, but Britons have been brainwashed to obey instead of fighting for their human rights
Elon Musk responds to post calling for the murder of Erika Kirk, widow of Charlie Kirk: 'Either we fight back or they will kill us'
Czech Republic signs €1.34 billion contract for Leopard 2A8 main battle tanks with delivery from 2028
USA: Office Depot Employees Refused to Print Poster in Memory of Charlie Kirk – and Were Fired
Proposed U.S. Bill Would Allow Civil Suits Against Judges Who Release Repeat Violent Offenders
Penske Media Sues Google Over “AI Overviews,” Claiming It Uses Journalism Without Consent and Destroys Traffic
Indian Student Engineers Propose “Project REBIRTH” to Protect Aircraft from Crashes Using AI, Airbags and Smart Materials
French Debt Downgrade Piles Pressure on Macron’s New Prime Minister
US and UK Near Tech, Nuclear and Whisky Deals Ahead of Trump Trip
One in Three Europeans Now Uses TikTok, According to the Chinese Tech Giant
Could AI Nursing Robots Help Healthcare Staffing Shortages?
NATO Deploys ‘Eastern Sentry’ After Russian Drones Violate Polish Airspace
Anesthesiologist Left Operation Mid-Surgery to Have Sex with Nurse
Tens of Thousands of Young Chinese Get Up Every Morning and Go to Work Where They Do Nothing
The New Life of Novak Djokovic
The German Owner of Politico Mathias Döpfner Eyes Further U.S. Media Expansion After Axel Springer Restructuring
Suspect Arrested: Utah Man in Custody for Charlie Kirk’s Fatal Shooting
In a politically motivated trial: Bolsonaro Sentenced to 27 Years for Plotting Coup After 2022 Defeat
German police raid AfD lawmaker’s offices in inquiry over Chinese payments
Turkish authorities seize leading broadcaster amid fraud and tax investigation
Volkswagen launches aggressive strategy to fend off Chinese challenge in Europe’s EV market
ChatGPT CEO signals policy to alert authorities over suicidal youth after teen’s death
The British legal mafia hit back: Banksy mural of judge beating protester is scrubbed from London court
Surpassing Musk: Larry Ellison becomes the richest man in the world
Embarrassment for Starmer: He fired the ambassador photographed on Epstein’s 'pedophile island'
Manhunt after 'skilled sniper' shot Charlie Kirk. Footage: Suspect running on rooftop during panic
Effective Protest Results: Nepal’s Prime Minister Resigns as Youth-Led Unrest Shakes the Nation
Qatari prime minister says Netanyahu ‘killed any hope’ for Israeli hostages
King Charles and Prince Harry Share First In-Person Moment in 19 Months
×