The hack has badly shaken the
The aim is not just to ferret out and evict the hackers but to keep them from being able to re-enter, said
“There’s a lot of specific things you have to do — we learned from our investigations — to really eradicate the attacker,” he said.
Since
On Tuesday, the security software company
The intruders have stealthily scooped up intelligence for months, carefully choosing targets from the roughly 18,000 customers infected with malicious code they activated after sneaking it into an update of network management software first pushed out last March by
“We continue to learn about new victims almost every day. I still think that we’re still in the early days of really understanding the scope of the threat-actor activity,” said Carmakal.
During a
The public has not heard much about who exactly was compromised because many victims still can’t figure out what the attackers have done and thus “may not feel they have an obligation to report on it,” said Carmakal.
“This threat actor is so good, so sophisticated, so disciplined, so patient and so elusive that it’s just hard for organizations to really understand what the scope and impact of the intrusions are. But I can assure you there are a lot of victims beyond what has been made public to date,” Carmakal said.
On top of that, he said, the hackers “will continue to obtain access to organizations. There will be new victims.”
Carmakal said he believed software companies were prime targets because hackers of this caliber will seek to use their products — as they did with SolarWinds’ Orion module — as conduits for similar so-called supply-chain hacks.
The hackers’ programming acumen let them forge the digital passports — known as certificates and tokens — needed to move around targets'
They tended to zero in on two types of accounts, said Carmakal: users with access to high-value information, and high-level network administrators, to determine what measures were being taken to try to kick them out,
If it’s a software company, the hackers will want to examine the data repositories of top engineers. If it’s a government agency, corporation or think tank, they’ll seek access to emails and documents with national security and trade secrets and other vital intelligence.
Copyright 2021 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.