E.J. Hilbert
4 min read · Dec 15, 2020

Russia’s “Sunburst Gambit” — The Hack of SolarWinds, FireEye, et al.

Cyber security is a game between the aggressor and the defender. Both players play both roles at times. The game board is the systems of computers owned and operated by governments and corporations around the world. It is like a strange version of chess. One side moves and the other makes a counter. In the game the world is just hearing about, Russia pulled off the most masterful move, and the U.S. never saw it coming and has no real countermove.

In the last week, the world was made aware that the cyber security juggernaut, FireEye, was electronically infiltrated (hacked) by the Russians. During the hack, the Russians stole FireEye’s offensive cyber weapons. Those “weapons” were used by FireEye and its clients, various government agencies among them, to hack other countries.

This news was followed by the revelation that the hack was actually malware embedded in a software update from another well-respected cyber security firm, SolarWinds.

With this discovery, we have found out that the FireEye hack was likely not a targeted attack but rather a “bonus” for the Russian attackers. The true target was every SolarWinds customer, specifically the U.S. government agencies using their product.

Upon discovery of the FireEye hack, the company decided to make public countermeasures for its offensive weapons. The intention was for companies to be able to determine if they were being attacked using the FireEye weapons and hopefully mitigate those attacks.

E.J. Hilbert

Work in the CyberSecurity and Privacy Arena worldwide, Owner of KCECyber, Ex-FBI. All opinions posted are my own!!!