Alleged Russian cyber attack allegedly exposed US deep state secrets through "Orion" data breach

Experts remain unsure about the extent of the damage caused by the cyber attack (Image source: Panda Security)

Multiple US government branches, including the Department of Commerce, and an unknown number of private sector players have been hit by a massive cyber attack. Experts still remain uncertain about the volume of sensitive information that's been secreted beyond borders by hackers with alleged ties to the Russian government.

Arjun Krishna Lal, Published 12/18/2020 🇵🇹 🇫🇷 ...

Multiple arms of the US government, as well as private sector players, have been hit by what appears to have been a cyber attack of an unprecedented scale. The Cybersecurity and Infrastructure Security Agency described the hack as a "grave risk" to both public and private networks.

The US Department of Energy was among the affected branches of government and had earlier released a statement confirming this. The data breach was at least in part due to vulnerabilities with Orion software from SolarWinds, an IT management vendor widely contracted by US government agencies and private sector firms.

Microsoft alone identified over 40 clients who were compromised as part of the attack, and the vulnerability could potentially affect as many as 17,000 SolarWinds customers. An attack heatmap shared by Microsoft seems to add credence to a Russian source of origin for the hack. The map indicates that targets across the world (apart from Russia) were affected, though 80 percent of affected systems were in the United States.

Due to the attackers obfuscating data during exfiltration, it's still unclear as to exactly what kind of damage has been done.

This heatmap indicates that most targeted devices were in the United States (Image source: Microsoft)

Source(s)

The Guardian

FCC terms Kaspersky as a security risk. (Image source: Michael Geiger)

Kaspersky joins Huawei and ZTE as a national security threat on the FCC's entity list 03/28/2022

T-Mobile has experienced a data breach and customers may be affected by SIM swapping and their network information may have been leaked. (Image: Mika Baumeister)

T-Mobile hit with a data breach 12/29/2021

A Russian court slaps Google with a US$98 million fine for failing to delete illegal content 12/24/2021

A huge number of Facebook accounts might be in danger after data from a 2019 leak surfaces online

Failbook: Personal data of roughly 530 million accounts from 106 countries leaks online 04/05/2021

STALKER 2 could potentially feature mod support on the Xbox Series X/S (Image source: GSC Game World)

Further details about STALKER 2 unveiled in Russian podcast: advanced A-Life AI, Xbox Mod support, and more 03/09/2021

Hotfix 1.11 is the latest update for Cyberpunk 2077 on consoles, PC and Stadia. (Image source: CDPR)

Cyberpunk 2077 Patch 1.1 delivers all-round improvements for the PlayStation 4 with little joy for the Xbox One; Hotfix 1.11 fixes game-breaking Down on the Street bug 01/29/2021

Several updates for Cyberpunk 2077 are due this year, including a next-generation optimised version. (Image source: CDPR)

CDPR apologises for Cyberpunk 2077, announce updates roadmap for 2021 and appears to postpone online multiplayer until 2022 01/14/2021

Over 20GB of confidential design data and files were stolen from Intel in a security breach (Image source: Panda Security)

Hackers steal over 20GB of confidential design data from Intel in massive data breach 08/07/2020

Hackers could conceivably leverage the Secure Enclave exploit to steal personal data and biometric info from iOS users (Image source: Panda Security)

Alarming “Unpatchable” exploit in Apple’s Secure Enclave could put the data of millions of users at risk, per Chinese hackers 08/03/2020

Nintendo 3DS bugs are no longer eligible for the HackerOne program 07/01/2020

Facebook apparently has a data hemorrhage. (Source: Facebook)

Over 260 million Facebook profiles have been found to be on sale on hacker forums 04/23/2020

Microsoft security researchers discover new cyber attack through Internet of Things connected devices 08/06/2019

Read all 3 comments / answer

Loading Comments

Comment on this article

ASUS, MSI set to enable Smart Acces...

Huami releases the Amazfit GTS 2e a...

Arjun Krishna - Tech Writer - 623 articles published on Notebookcheck since 2019

I've had a passion for PC gaming since 1996, when I watched my dad score frags in Quake as a 1 year-old. I've gone on to become a Penguin-published author and tech journalist. Apart from working as an editor at Notebookcheck, I write for outlets including TechSpot and Gamingbolt. I’m the Director of Content at Flying V Group, one of the top 5 digital marketing agencies in Orange County. When I'm not traveling the world, gathering stories for my next book, you can find me tinkering with my PC.

contact me via: Facebook, LinkedIn

Please share our article, every link counts!