NERC Says 375 Electricity Providers Installed the Laced SolarWinds Update

  • Hundreds of electricity providers in the United States got infected with the Sunburst backdoor.
  • In most cases, the threat actors did not go on to do any damage to the compromised networks.
  • SolarWinds is still counting losses, as the company strives to stay afloat before the wave of legal action hits.

The North American Electric Reliability Corporation (NERC) has posted an announcement giving more detail on how many electric utilities installed the malicious SolarWinds software update, which was meant to help Russian hackers deliver a stealthy backdoor (Sunburst) onto critical systems. The number is around 375. That’s a quarter of the 1,500 utilities sharing data with the power grid regulator, so it’s a significant portion of such critical infrastructure in the United States.

The data concerns the attacks that were discovered back in December 2020, which is when the regulator sent the relevant alert to all its members. The critical functions of the electric sector explain why the infection covered hundreds of entities. Still, we don’t know in how many of them the infection was active, in the sense of hackers moving through the networks of these entities. After all, the actors had to choose where to focus from a pool of 18,000 compromised systems.

On that matter, NERC’s senior vice president, Manny Cancel, stated:

The overwhelming majority of electric organizations did not experience any of the indicators of compromise, meaning the command-and-control activity. From that respect, we did not see what some of the other sectors were seeing with the compromise.

In the meantime, SolarWinds Corporation has announced the cost of the incident for the first three months of 2021, estimating it at between $18 million and $19 million. These costs cover remediation efforts, contracts with CrowdStrike and KPMG, etc. The amounts are expected to grow exponentially once legal expenses inevitably come into play. Obviously, even then, the total will pale in comparison to the overall cost of the breaches suffered by SolarWinds’ clients.

As for the actors behind the “Sunburst” campaign, a recent report from Palo Alto Networks’ Unit 42 team attributes about 1.3 million attacks that took place during Q1 2021 to Russia-based actors. They are the most active in the world, followed by US-based actors, who were responsible for 850k attacks, and Chinese hackers, who came third with half a million during the same period.
