Categories: SecurityWorkspace

NCSC Probes UK Fallout Of Massive Hacking Campaign

UK authorities have said they are continuing to investigate the impact of the Russia-linked SolarWinds hack on organisations within the country, after Microsoft warned that some of its British customers may have been affected.

The numbers of UK organisations are thought to be small and to be outside of the public sector, according to a UK security source.

However, the investigation into the hack’s fallout is likely to take several months, with more details emerging as it progresses.

Several dozen Microsoft customers worldwide are thought to have used the affected SolarWinds software, and Microsoft said it had informed at least one UK customer that it had been compromised in a linked attack.

The NCSC’s headquarters in Victoria. NCSC

Malware

But it said four in five of those affected were in the US, with nearly half being tech companies.

Microsoft customers in Belgium, Canada, Israel, Mexico, Spain and the UAE may also have been affected, the company said.

Microsoft said last week that its own systems had been compromised by the SolarWinds malware.

SolarWinds makes network monitoring software widely used in the public and private sectors, and an update to its Orion platform in March was discovered earlier this month to have included sophisticated malware.

US officials have said they believe Russia is behind the hack, but as yet there has been no official attribution in the UK or the US.

The attackers appear to have narrowly targeted selected organisations in an effort to steal national security, defence and related information, rather than trying to cause disruption.

As a result, many organisations that installed the malware on their systems may not have been affected.

Nuclear hack

US government departments including Defense, State, Treasury, Homeland Security and Commerce are known to have been compromised, as well as the US Energy Department and its National Nuclear Security Administration, which maintains the US’ nuclear capability.

However, Ciaran Martin, former head of GCHQ’s National Cyber Security Centre (NCSC), said the hackers had not accessed the weapons’ control systems.

Hacking the NNSA’s admin networks is “not the same as hacking the classified systems that control the weapons, which hasn’t happened”, Martin said on Twitter.

NCSC director of operations Paul Chichester said the agency is working to understand the scale of the “complex” hack and “any UK impact”.

“The NCSC is working to mitigate any potential risk, and actionable guidance has been published to our website,” he said in a statement.

“We urge organisations to take immediate steps to protect their networks – and will continue to update as we learn more.”

Russian threat

Microsoft president Brad Smith said in an official statement that it was “certain” the list of organisations and geographies known to be affected by the attack would continue to grow.

In July, a report by the UK’s Intelligence and Security Committee found that the UK was one of Russia’s top cyber-espionage targets.

The cyber-threat posed by Russia was “difficult for the West to manage”, the committee found.

Russia has denied involvement in the hack.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

17 mins ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

1 hour ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

2 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

4 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

6 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

7 hours ago