NERC Says 375 Electricity Providers Installed the Laced SolarWinds Update

  • Hundreds of electricity providers in the United States got infected with the Sunburst backdoor.
  • In most cases, the threat actors didn’t actually do any damage to the compromised networks.
  • SolarWinds is still counting losses, as the company strives to stay afloat before the legal action wave hits.

The North American Electric Reliability Corporation (NERC) has posted an announcement with more details on how many electric utilities installed the malicious SolarWinds software update, which was meant to help Russian hackers deliver a stealthy backdoor (Sunburst) onto critical systems. The number is around 375. That’s a quarter of the 1,500 utilities that share data with the power grid regulator, so it’s a significant portion of this critical infrastructure in the United States.

The data concerns the attacks that were discovered back in December 2020, which is when the regulator sent the relevant alert to all its members. The critical functions of the electric sector explain why the infection covered hundreds of entities. Still, we don’t know how many of these infections were active, in the sense of hackers actually moving through the networks of these entities. After all, the actors had to choose where to focus from a pool of 18,000 compromised systems.

On that matter, NERC’s senior vice president, Manny Cancel, stated:

The overwhelming majority of electric organizations did not experience any of the indicators of compromise, meaning the command-and-control activity. From that respect, we did not see what some of the other sectors were seeing with the compromise.

In the meantime, SolarWinds Corporation has announced the cost of the incident for the first three months of 2021, which the company estimated at between $18 million and $19 million. These costs cover remediation efforts, contracts with CrowdStrike and KPMG, etc. The amounts are expected to grow exponentially once legal expenses inevitably come into play. Even then, the total will pale in comparison to the overall cost of the breaches suffered by SolarWinds’ clients.

As for the actors behind the “Sunburst” campaign, a recent report from Palo Alto Networks’ Unit 42 team attributes about 1.3 million attacks that took place during Q1 2021 to Russia-based actors. They are the most active in the world, followed by US-based actors, who were responsible for 850k attacks, and Chinese hackers, who came third with half a million during the same period.
