Iran Press/ America: According to the report, the hacking campaign that infected numerous government agencies and tech companies with malicious SolarWinds software has also infected more than a dozen critical infrastructure companies in the electric, oil, and manufacturing industries who were also running the software, according to a security firm conducting investigations of some of the breaches.
The intercept added: "In addition to the critical infrastructure companies, the SolarWinds software also infected three firms that provide services for such companies, says Rob Lee, CEO of Dragos, Inc., which specializes in industrial control system security and discovered some of the infections."
"The service companies are known within the industry as original equipment manufacturers or OEMs. They sometimes have remote access to critical parts of customer networks, as well as privileges that let them make changes to those networks, install new software, or even control critical operations. This means that hackers who breached the OEMs could potentially use their credentials to control critical customer processes, the report added."
The news-analytical database noticed: "There is currently no evidence, however, that the hackers used the backdoor in the SolarWinds software to gain access into the 15 electric, oil, gas, and manufacturing entities that were infected with the software. But Lee notes that it may not be possible to uncover such activity if the attackers did access them and burrow further into the industrial control networks, because critical infrastructure entities generally don’t do extensive logging and monitoring of their control system networks."
Intercept said that attack on US Infrastructure could put hackers in a position to do more than stealing information.
The US government officials have accused Russia of the attacks, but Russia rejected the allegation.
207
Read more:
Russia rejects any role in cyberattacks on US Treasury Department
US Nuclear weapons agency hacked amid massive cyber
Hackers threaten to leak personal info after attacking Israeli insurance firm
