Tuesday, December 22, 2020

Forwarded: Russia's malicious cyber attack

This article is reposted from a report in the technology column of the Microsoft news site: Microsoft head calls SolarWinds hack 'act of recklessness'

Earlier this year, hackers compromised software made by a cybersecurity company you might not have heard of. The infiltration led to a massive malware campaign that's now affecting US federal agencies as well as governments around the world, according to the security firm and news reports. The massive malware campaign against US federal agencies began with the hacker attack on SolarWinds earlier this year.

The hacked company, SolarWinds, sells software that lets an organization see what's happening on its computer networks. Hackers inserted malicious code into an updated version of the software, called Orion. Around 18,000 SolarWinds customers installed the tainted updates onto their systems, the company said. The software Orion, made by SolarWinds, helps users monitor their computer networks. The hackers inserted malicious code into an updated version of the software, which was installed by 18,000 customers.

The compromised update process has had a sweeping effect, the scale of which keeps growing as new information emerges. Based on newspaper reports, the company's statements and analysis from other security firms, a Russian intelligence agency reportedly carried out a sophisticated attack that struck several US federal agencies and private companies including Microsoft. It was the work of a Russian intelligence agency, hitting several federal agencies as well as private companies including Microsoft.

On Saturday, President Donald Trump floated on Twitter the idea that China might be behind the attack. Trump, who didn't provide evidence to support the suggestion of Chinese involvement, tagged Secretary of State Mike Pompeo, who had earlier said in a radio interview that "we can say pretty clearly that it was the Russians that engaged in this activity." Trump said it might be a Chinese attack.

US national security agencies issued a joint statement Wednesday acknowledging a "significant and ongoing hacking campaign" that's affecting the federal government. It's still unclear how many agencies are affected or what information hackers might have stolen so far, but by all accounts the malware is extremely powerful. According to analysis by Microsoft and security firm FireEye, both of which were also infected with the malware, it gives hackers broad reach into impacted systems. According to Microsoft and the security firm FireEye, the extent of the attack is quite serious.

On Thursday, Politico reported that systems at the Department of Energy and the National Nuclear Security Administration were also affected. Also on Thursday, Microsoft said it had identified more than 40 customers that were targeted in the hack. The Department of Energy, the nuclear security agency and more than 40 customers were also attacked this time. More information is likely to emerge about the hack and its aftermath. Here's what you need to know about the SolarWinds hack:

How did hackers sneak malware into a software update? Hackers managed to access a system that SolarWinds uses to put together updates to its Orion product, the company explained in a filing with the SEC. From there, they inserted malicious code into otherwise legitimate software updates. This is known as a supply-chain attack, because it infects software while it's being assembled. The hackers managed to gain access to SolarWinds' customer software update system; this is called a supply-chain attack.

It's a big coup for hackers to pull off a supply-chain attack, because it packages their malware inside a trusted piece of software. Instead of having to trick individual targets into downloading malicious software with a phishing campaign, the hackers could rely on several government agencies and companies to install the Orion update at SolarWinds' prompting. A supply-chain attack amounts to, having pulled off a coup, striking every domestic and foreign entity that has a trust relationship with the victim.

The approach is especially powerful in this case because hundreds of thousands of companies and government agencies around the world reportedly use the Orion software. With the release of the tainted software update, SolarWinds' vast customer list became potential hacking targets. Hundreds of thousands of companies and government departments around the world use SolarWinds' Orion software.

Which government agencies were infected with the malware? According to reports from Reuters, The Washington Post and The Wall Street Journal, the malware affected the US Homeland Security, State, Commerce and Treasury Departments, as well as the National Institutes of Health. Politico reported on Thursday that nuclear programs run by the US Department of Energy and the National Nuclear Security Administration were also targeted. The Department of Homeland Security, the nuclear weapons division under the Department of Energy, and the National Nuclear Security Administration were all among the targets.

It's still unclear what information, if any, was stolen from the federal agencies, but the amount of access appears to be broad.

Though the Department of Energy and the Commerce Department have acknowledged the hacks to news sources, there's no official confirmation that other specific federal agencies have been hacked. However, the US Cybersecurity and Infrastructure Security Agency put out an advisory urging federal agencies to mitigate the malware, noting that it's "currently being exploited by malicious actors." Other federal departments have not yet confirmed attacks. The US cybersecurity agency CISA urged measures to mitigate the damage, because malicious actors are exploiting the breached vulnerability.

In a statement Thursday, President-elect Joe Biden said his administration will "make dealing with this breach a top priority from the moment we take office." President-elect Biden said his administration will deal with this matter first as soon as it takes office.

Why is the hack a big deal? In addition to gaining access to several government systems, the hackers turned a run-of-the-mill software update into a weapon. That weapon was pointed at thousands of groups, not just the agencies and companies that the hackers focused on after they installed the tainted Orion update. A running software update system was turned into a weapon, pointed at thousands of companies and departments.

Microsoft president Brad Smith called this "an act of recklessness" in a wide-ranging blog post that explored the ramifications of the hack. He didn't directly attribute the hack to Russia, but described its previous alleged hacking campaigns as proof of an increasingly fraught cyber conflict. Russia's reckless actions in cyber conflict.

"This is not just an attack on specific targets," Smith said, "but on the trust and reliability of the world's critical infrastructure in order to advance one nation's intelligence agency." He went on to call for international agreements to limit the creation of hacking tools that undermine global cybersecurity. Microsoft called for international cooperation to limit the development of hacking tools.

Former Facebook cybersecurity chief Alex Stamos said on Twitter that the hack could lead to supply-chain attacks becoming more common. However, he questioned whether the hack was anything out of the ordinary for a well-resourced intelligence agency. Facebook's cybersecurity chief said supply-chain attacks may happen more often; Russian intelligence may well have been doing this for a long time already.

Were private companies or other governments hit with the malware? Yes. Microsoft confirmed Thursday that it found indicators of the malware in its systems, after confirming Sunday that the breach was affecting customers of its cybersecurity services. A Reuters report also said that Microsoft's own systems were used to further the hacking campaign, but Microsoft denied this claim to news agencies. On Wednesday, the company began quarantining the versions of Orion known to contain the malware, in order to cut hackers off from its customers' systems. Microsoft, a private company, also found its cybersecurity services attacked. Reuters said Microsoft was used by the hackers to further the attack; Microsoft denied this. They have begun quarantining the malicious Orion versions, cutting off their access to customer systems.

FireEye also confirmed last week that it was infected with the malware and was seeing the infection in customer systems as well.

Other than FireEye and Microsoft, it isn't clear which of SolarWinds' private sector customers saw malware infections. The company's customer list includes large corporations, such as AT&T, Procter & Gamble and McDonald's. The company also counts governments and private companies around the world as customers. FireEye says many of those customers were infected. Besides FireEye, SolarWinds' private customers also include AT&T, P&G and McDonald's; it is not known whether these companies saw malware infections.

What do we know about Russian involvement in the hack? Unnamed US government officials have reportedly told news outlets that a hacking group widely believed to be a Russian intelligence agency is responsible for the malware campaign. SolarWinds, cybersecurity firms and US government statements have attributed the hack to "nation-state actors" but haven't named a country directly. US government officials told the media that a Russian intelligence agency is behind this malicious cyber activity.

In a statement on Facebook, the Russian embassy in the US denied responsibility for the SolarWinds hacking campaign. "Malicious activities in the information space contradict the principles of the Russian foreign policy, national interests and our understanding of interstate relations," the embassy said, adding, "Russia does not conduct offensive operations in the cyber domain." The Russian embassy denied the accusation.

Nicknamed APT29 or CozyBear, the hacking group named by news reports has previously been blamed for targeting email systems at the State Department and White House during the administration of President Barack Obama. It was also named by US intelligence agencies as one of the groups that infiltrated email systems at the Democratic National Committee in 2015, but the leaking of those emails isn't attributed to CozyBear. (Another Russian agency was blamed for that.) The hacker group APT29 accused in the news reports was previously accused of attacking the email systems of the White House and the State Department, and in 2015 infiltrated the email systems of the Democratic National Committee.

More recently, the US, UK and Canada have identified the group as responsible for hacking efforts that tried to access information about COVID-19 vaccine research. Recently, the US, the UK and Canada also accused them of attempting to access research information about COVID-19 vaccines.
