NCSC Probes UK Fallout Of Massive Hacking Campaign


UK authorities investigate impact on British public and private-sector organisations from allegedly Russian cyber-espionage attack that went on for months

UK authorities have said they are continuing to investigate the impact of the Russia-linked SolarWinds hack on organisations within the country, after Microsoft warned that some of its British customers may have been affected.

The number of UK organisations affected is thought to be small, and they are thought to be outside the public sector, according to a UK security source.

However, the investigation into the hack’s fallout is likely to take several months, with more details emerging as it progresses.

Several dozen Microsoft customers worldwide are thought to have used the affected SolarWinds software, and Microsoft said it had informed at least one UK customer that it had been compromised in a linked attack.

The NCSC’s headquarters in Victoria. NCSC

Malware

But Microsoft said four in five of those affected were in the US, with nearly half being tech companies.

Microsoft customers in Belgium, Canada, Israel, Mexico, Spain and the UAE may also have been affected, the company said.

Microsoft said last week that its own systems had been compromised by the SolarWinds malware.

SolarWinds makes network monitoring software widely used in the public and private sectors, and an update to its Orion platform in March was discovered earlier this month to have included sophisticated malware.

US officials have said they believe Russia is behind the hack, but as yet there has been no official attribution in the UK or the US.

The attackers appear to have narrowly targeted selected organisations in an effort to steal national security, defence and related information, rather than trying to cause disruption.

As a result, many organisations that installed the malware on their systems may not have been affected.

Nuclear hack

US government departments including Defense, State, Treasury, Homeland Security and Commerce are known to have been compromised, as well as the US Energy Department and its National Nuclear Security Administration, which maintains the US’ nuclear capability.

However, Ciaran Martin, former head of GCHQ’s National Cyber Security Centre (NCSC), said the hackers had not accessed the weapons’ control systems.

Hacking the NNSA’s admin networks is “not the same as hacking the classified systems that control the weapons, which hasn’t happened”, Martin said on Twitter.

NCSC director of operations Paul Chichester said the agency is working to understand the scale of the “complex” hack and “any UK impact”.

“The NCSC is working to mitigate any potential risk, and actionable guidance has been published to our website,” he said in a statement.

“We urge organisations to take immediate steps to protect their networks – and will continue to update as we learn more.”

Russian threat

Microsoft president Brad Smith said in an official statement that it was “certain” the list of organisations and geographies known to be affected by the attack would continue to grow.

In July, a report by the UK’s Intelligence and Security Committee found that the UK was one of Russia’s top cyber-espionage targets.

The cyber-threat posed by Russia was “difficult for the West to manage”, the committee found.

Russia has denied involvement in the hack.