Search This Blog

Showing posts with label US Spy Agencies. Show all posts

SolarWinds Hack Alarms US Spy Agencies to Inspect Software Suppliers' Ties with Russia

 

US intelligence agencies have started to study supply chain threats from Russia, a top official within the Justice Department confirmed on Thursday 6th of May, in the wake of the far-reaching hacker operations that used software developed by SolarWinds as well as other suppliers. 

SolarWinds Inc. is an American multinational that creates software to help companies manage their IT infrastructure, systems, and networks. It is based in Austin, Texas, and has distribution and product development branches at several US locations and other countries.

According to John Demers, Assistant Attorney General for National Security, the examination will concentrate on any supply chain vulnerabilities arising from Russian businesses—or US businesses operating in Russia. 

“If there’s a back-end software design and coding being done in a country where we know that they’ve used sophisticated cyber means to do intrusions into U.S. companies, then maybe … U.S. companies shouldn’t be doing work with those companies from Russia or other untrusted countries,” Demers stated during a Justice Department-hosted cybersecurity conference. 

Demers stated that any information gathered from the Commerce Department would be passed on to the FBI and the other intelligence officials to determine whether more actions are required to remove suppliers from the U.S. supply chains or not. 

The White House accused the Russian SRV foreign intelligence agency of the spying operation which used the software of SolarWinds and penetrated at least nine U.S. federal agencies. Russian technology firms have also been endorsed by the management of Biden to finance the cyber operations of Russian intelligence agencies. Though the allegations were rejected by Moscow. 

However, the United States intelligence analysis reveals that the Biden administration is also looking into how potential spying operations will mimic whatever the SVR is supposed to use weak points in US tech companies' networks. 

An extensive range of US government and businesses were exposed to infiltration by allegedly Russian hacking. Initially, SolarWinds, stated that the malicious code had been downloaded by 18,000 customers. However, the original target list of spies was made up of 100 corporations and, as per the White House, at least nine federal agencies. 

Concerns of American officials regarding exposures to the supply chain have indeed increased in recent weeks as certain hacks arose. 

Whereas a 2019 executive order signed by then-President Donald Trump appears to approve the supply chain inspection, that forbids US telecommunications companies from using hardware that constitutes a national security risk. 

Although the executive order was widely seen as an effort to further limit the Chinese telecommunications company Huawei's access to US markets, it can also be applied to various other technologies from other countries. U.S. intelligence officers are tasked with constantly reviewing international supply chain threats and providing for additional "rules and regulations" to recognize innovations or nations that may pose a danger. 

In the supply chain screening, the US intelligence officials have long expressed fears that Moscow could use the Russian suppliers' technology to spy on America.