On 14/01/2021, the Centre for Cyber Security Belgium held its quarterly QCTR event, at which experts discuss the most important contemporary cyber threats. The online edition attracted 1,300 interested parties from more than 50 countries. This is a record and unique for Belgium. Not surprisingly, the SolarWinds case was on the programme. This attack on US government agencies overshadowed all other events in the US at that time and continues to be investigated to this day.
For those who missed it all: In December 2020, several US government agencies fell victim to a cyber attack through the Orion platform, a software package from SolarWinds. The software that was compromised allows remote system management. A total of 18,000 organizations worldwide installed the malicious update, and many systems communicated with a Command and Control server run by the attackers. A number of organizations have confirmed that the attackers have taken further steps on their network. This mainly concerns major US government agencies such as the US Treasury Department, the National Telecommunications and Information Administration (NTIA) and the National Institutes of Health (NIH).
The attack was complex and large in scale.
Are Belgian public services and companies at risk?
This software is used all over the world, including Belgium. Microsoft was already able to detect 40 customers in December, including one in Belgium. The CCB does not know all Belgian customers and has yet to receive a report of a Belgian victim. However, it remains important to monitor this threat and to identify and further assist potential victims.
The CCB took this threat seriously from the beginning. We were and are constantly on standby to answer questions from potential victims. On 18/12, we published a technical advisory document. We had meetings with several Information Sharing and Analysis Centres (ISACs). Reports were published and shared with partners through the Early Warning System (EWS). And we are hosting an event where experts from FireEye, Kaspersky and others will share their findings to draw lessons for the future.
And who did it?
The American press immediately pointed to Russian state hackers. Attributing a cyber attack, however, is a very difficult matter. To this day, we have no certainty about who was behind it.