ProPublica: The U.S. Spent $2.2 Million on a Cybersecurity System That Wasn’t Implemented — and Might Have Stopped a Major Hack

ProPublica: The U.S. Spent $2.2 Million on a Cybersecurity System That Wasn’t Implemented — and Might Have Stopped a Major Hack. “The software company SolarWinds unwittingly allowed hackers’ code into thousands of federal computers. A cybersecurity system called in-toto, which the government paid to develop but never required, might have protected against this.”

SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and Commerce Departments (CBS News)

CBS News: SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and Commerce Departments. “President Biden inherited a lot of intractable problems, but perhaps none is as disruptive as the cyber war between the United States and Russia simmering largely under the radar. Last March, with the coronavirus spreading uncontrollably across the United States, Russian cyber soldiers released their own contagion by sabotaging a tiny piece of computer code buried in a popular piece of software called ‘SolarWinds.’”

CNET: Russia blamed for SolarWinds hack in joint FBI, NSA and CISA statement

CNET: Russia blamed for SolarWinds hack in joint FBI, NSA and CISA statement. “Key government intelligence agencies said Tuesday that the SolarWinds hack is ‘likely Russian in origin,’ according to a joint statement from the FBI, NSA, Cybersecurity and Infrastructure Security Agency and Office of the Director of National Intelligence. It’s the first time the four agencies have attributed the cyber attack to Russia.”

US cyber-attack: Around 50 firms ‘genuinely impacted’ by massive breach (BBC)

BBC: US cyber-attack: Around 50 firms ‘genuinely impacted’ by massive breach. “The cyber-security firm that identified the large-scale hacking of US government agencies says it ‘genuinely impacted’ around 50 organisations. Kevin Mandia, CEO of FireEye, said that while some 18,000 organisations had the malicious code in their networks, it was the 50 who suffered major breaches.”

The Hacker News: New Evidence Suggests SolarWinds’ Codebase Was Hacked to Inject Backdoor

The Hacker News: New Evidence Suggests SolarWinds’ Codebase Was Hacked to Inject Backdoor. “A new report published by ReversingLabs today and shared in advance with The Hacker News has revealed that the operators behind the espionage campaign likely managed to compromise the software build and code signing infrastructure of SolarWinds Orion platform as early as October 2019 to deliver the malicious backdoor through its software release process.”