The victims were identified with a script written by senior security researchers at Kaspersky to decode web records left behind by the attackers.
The hackers, suspected to be from Russia, are now believed to have compromised a county government in Arizona and the U.S. internet service provider Cox Communications. They are the same group alleged to have breached the U.S. Treasury Department and the Department of Homeland Security a couple of weeks earlier.
This is according to an analysis of publicly available web records. SolarWinds, the U.S.-based firm that develops software for businesses, said its product was the ladder the attackers used to reach 18,000 of the firm’s customers who had downloaded a compromised software update. That foothold let the hackers spy on the affected agencies’ and businesses’ confidential documents for over nine months.
The company has quickly dispatched its security teams around the world to contain the damage. The intrusions at Cox Communications and the local government in Arizona show that, besides high-profile U.S. departments, the attackers also compromised lower-profile organizations.
An anonymous spokesperson at Cox Communications told Reuters exclusively that “the company was working around the clock with the help of outside security experts to investigate any consequences of the SolarWinds compromise. The security of the services we provide is a top priority.”
Dan Hunt, Chief Information Officer of Pima County, Arizona, stated in a document emailed to Reuters that, following U.S. government instructions, his team blocked SolarWinds software immediately after it was discovered to be compromised. Further investigation found no breach of the county’s systems.
On Sunday, the state issued an emergency warning ordering government departments hit by the sophisticated attackers to uninstall all SolarWinds software. The warning came after Reuters exclusively reported that alleged Russian hackers had tampered with SolarWinds software updates, which were then used to compromise several U.S. government agencies. Moscow has denied any link to the attacks.
Igor Kuznetsov, a Kaspersky researcher, told Reuters that a CNAME is a kind of web record that comprises an encoded unique identifier for each victim and shows which of the thousands of “backdoors” available to them the hackers chose to open.
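As an added illustration that is not from the article, from Reuters or from Kaspersky's own tooling, the following Python script shows the defender-side counterpart of the technique just described: scanning DNS query logs for CNAME lookups whose leftmost label looks like an encoded per-host identifier (long, high-entropy, unlike a human-chosen hostname), then grouping the flagged internal clients by the zone they resolved. The log format, the domain c2-placeholder.example and every label in the sample are constructed for this example; the real campaign's encoding scheme is not reproduced.

```python
import math
import re
from collections import Counter

# Constructed sample log in a hypothetical "timestamp client qtype qname" format.
# The zone c2-placeholder.example and the random-looking labels are made up for
# this illustration; no real indicator from the campaign is used.
SAMPLE_LOG = """\
2020-12-15T10:01:02Z 10.0.0.12 A www.example.com
2020-12-15T10:01:07Z 10.0.0.12 CNAME mail.example.com
2020-12-15T10:01:09Z 10.0.0.12 CNAME static-assets-prod-eu.cdn.example.com
2020-12-15T10:02:11Z 10.0.0.44 CNAME k3x9v2q8m1z7b4n6t0r5.c2-placeholder.example
2020-12-15T10:02:40Z 10.0.0.51 CNAME p8w2d5f9h1j4l7c3x6v0.c2-placeholder.example
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; 0.0 for an empty or single-symbol string."""
    if not text:
        return 0.0
    counts = Counter(text)
    total = len(text)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def parse_log(log_text: str):
    """Yield (timestamp, client, qtype, qname) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groups()


def find_suspicious_cnames(log_text: str, min_len: int = 16, min_entropy: float = 3.5):
    """Return CNAME lookups whose leftmost label is long and high-entropy.

    Encoded per-victim identifiers tend to be long runs of letters and digits
    with little repetition, whereas ordinary hostnames ("mail", "static-assets-
    prod-eu") are short or built from a small alphabet. Thresholds are tunable;
    the defaults here are assumptions chosen for the constructed sample.
    """
    hits = []
    for ts, client, qtype, qname in parse_log(log_text):
        if qtype != "CNAME":
            continue
        label = qname.split(".")[0]
        ent = shannon_entropy(label)
        if len(label) >= min_len and ent >= min_entropy:
            hits.append({"timestamp": ts, "client": client, "qname": qname,
                         "label": label, "entropy": round(ent, 2)})
    return hits


def clients_by_domain(hits):
    """Group flagged clients under the parent zone they resolved, so a responder
    can see which internal hosts looked up the same suspicious domain."""
    grouped = {}
    for h in hits:
        parent = ".".join(h["qname"].split(".")[1:])
        grouped.setdefault(parent, set()).add(h["client"])
    return grouped


if __name__ == "__main__":
    found = find_suspicious_cnames(SAMPLE_LOG)
    for h in found:
        print(f"{h['timestamp']} {h['client']} -> {h['qname']} (entropy {h['entropy']})")
    for parent, clients in clients_by_domain(found).items():
        print(f"{parent}: {len(clients)} client(s) {sorted(clients)}")
```

Run against the embedded sample, the script flags the two lookups from 10.0.0.44 and 10.0.0.51 and leaves the ordinary hostnames alone. In practice the entropy threshold should be calibrated against a baseline of the organization's own DNS traffic, and a hit is a lead for triage of that host, not proof of compromise on its own.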