Cisco, Belkin, VMware and Intel have also been affected by the SolarWinds hack
Cisco, Belkin, VMware, Nvidia and Intel have admitted that they were also affected by the SolarWinds hack. The companies are investigating the hack. The US Treasury Department has also been hit.
The companies say they have no indications that the hack will affect their products, services or customers, reports The Wall Street Journal. Cisco says it has found the malware on employee systems and in laboratories. VMware has seen the malware, but has no indication that it has been exploited. Nvidia is still investigating the case, but also says it has no indications that the malware has been abused. Belkin says the same and says it has removed the malware.
The malware in the SolarWinds Orion update also reached the US Treasury Department, CNN said, based on a statement by a politician who had been briefed. Employees' mail accounts were reportedly breached via the malware, starting in July this year.
The SolarWinds hack came to light last week. The attackers entered organizations via an update of the Orion software, a product supplied by the American company SolarWinds. The update contained a backdoor in a DLL with a signature that comes directly from the Orion software itself, so it is not detected as malware. That DLL establishes an HTTP connection to an external command-and-control server. The malware does nothing for the first two weeks and only opens the connection afterwards.
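Because the DLL is validly signed and stays silent for about two weeks, a short observation window after an update shows nothing unusual. The following hunting heuristic is an added example, not code from the original article: it flags hosts whose first HTTP contact with a previously unseen destination comes long after an Orion update. The event fields, host names, `.example` domains and the 12-day threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data); field names are hypothetical.
EVENTS = [
    {"host": "mon-01", "time": "2020-06-01T09:00:00", "type": "update_installed"},
    {"host": "mon-01", "time": "2020-06-01T09:05:00", "type": "http", "dest": "updates.vendor.example"},
    {"host": "mon-01", "time": "2020-06-02T08:30:00", "type": "http", "dest": "telemetry.internal.example"},
    {"host": "mon-01", "time": "2020-06-15T10:12:00", "type": "http", "dest": "api.unfamiliar.example"},
    {"host": "mon-02", "time": "2020-06-01T09:00:00", "type": "update_installed"},
    {"host": "mon-02", "time": "2020-06-20T11:00:00", "type": "http", "dest": "updates.vendor.example"},
    {"host": "ws-07", "time": "2020-06-16T14:00:00", "type": "http", "dest": "api.unfamiliar.example"},
]

# Destinations the monitoring server is expected to contact (assumption).
ALLOWLIST = {"updates.vendor.example"}


def find_delayed_beacons(events, allowlist, min_dormancy=timedelta(days=12)):
    """Return (host, dest, delay_days) for each destination a host contacts for
    the first time at least `min_dormancy` after an update was installed."""
    installed = {}  # host -> time of the most recent update install
    seen = {}       # host -> destinations already observed for that host
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        host = ev["host"]
        if ev["type"] == "update_installed":
            installed[host] = when
            continue
        if ev["type"] != "http":
            continue
        dest = ev["dest"]
        known = seen.setdefault(host, set())
        first_contact = dest not in known
        known.add(dest)
        if not first_contact or dest in allowlist or host not in installed:
            continue
        delay = when - installed[host]
        # Early new destinations are normal post-update chatter; a new
        # destination appearing only after the dormancy period is the signal.
        if delay >= min_dormancy:
            findings.append((host, dest, delay.days))
    return findings


if __name__ == "__main__":
    for host, dest, days in find_delayed_beacons(EVENTS, ALLOWLIST):
        print(f"{host}: first contact with {dest} {days} days after update")
```

The threshold sits slightly under two weeks so that a delay of exactly fourteen days is still caught. A hit is a lead for investigation, not proof of compromise.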
The attackers use previously unknown malware called Teardrop, which pulls in a payload. That payload is Beacon, part of the attack simulation software Cobalt Strike. The attackers modified Beacon to open a bridge between the C&C server and the malware itself.