At least 24 big companies, including tech giants like Intel, Cisco, VMware, and Nvidia, are among the organizations affected by the SolarWinds hack allegedly orchestrated by Russia-backed cybercriminals, the media reported.
The suspected Russian hackers installed malware in the Orion software sold by the IT management company SolarWinds, and accessed sensitive data belonging to several US government agencies, at least one hospital, and a university, reports The Wall Street Journal.
The report said on Monday that several tech companies also suffered data breaches in this massive hack operation.
Cisco, Intel, Nvidia, Belkin, and VMware have all had computers on their networks infected with the malware.
“Cisco confirmed that it found the malicious software on some employee systems and a small number of laboratory systems”.
The company was still investigating the hack. Intel “is investigating the incident and has found no evidence the hackers used the backdoor to access the company’s network”.
VMware said it found “limited instances” of the malicious software in its systems.
“The attackers also had access to the California Department of State Hospitals and Kent State University”.
An Nvidia spokesman told the WSJ that the company has “no evidence at this time that Nvidia was adversely affected and our investigation is ongoing.”
SolarWinds had stated that “fewer than 18,000” companies were impacted. The Journal gathered digital clues from victim computers collected by threat-intelligence companies Farsight Security and RiskIQ.
It then used decryption methods to reveal the identities of some of the servers that downloaded the malicious code.
“In some cases, the analysis led to the identity of compromised organizations and showed when the code was likely activated - indicating that the hackers had access”, the report mentioned.
Microsoft President Brad Smith last week said that the company has identified more than 40 customers who have been affected by nation-state hackers who installed malware in SolarWinds’ Orion platform.
Cybersecurity firm FireEye’s CEO Kevin Mandia had said that “we are witnessing an attack by a nation with top-tier offensive capabilities,” and the Washington Post reported that a hacker group backed by the Russian government is behind data breaches at the Treasury and Commerce departments and other US government agencies.
According to Smith, the attack is ongoing and is being actively investigated and addressed by cybersecurity teams in the public and private sectors, including Microsoft.
The hacking group, known as APT29, or Cozy Bear, is behind the attack on FireEye, accessing its internal network and stealing hacking tools the company uses to test the networks belonging to its customers.
“While roughly 80 percent of these customers are located in the United States, this work so far has also identified victims in seven additional countries,” Smith said in a blog post.
The countries are Canada, Mexico, Belgium, Spain, the UK, Israel, and the UAE.