BBC News

SolarWinds: UK assessing impact of hacking campaign

By Gordon Corera
Security correspondent

Published
image copyrightGetty Images

UK security officials are trying to establish the extent of the impact on the UK of a major hacking campaign that threatened national security in the US.

The attack, using US firm SolarWinds' Orion platform, was discovered last week but has been going on for months.

A number of organisations, including US government departments, are understood to have been targeted.

A UK security source said "numbers in the UK are small and the organisations are not in the public sector".

But it's still early days in the investigation and more details could yet emerge.

What is described as a highly sophisticated cyber espionage operation had been under way for some months before it was spotted.

The access provided through compromising software from SolarWinds appears to have been used to steal data rather than for any disruptive or destructive impact.

It could have allowed the hackers to take a high degree of control over organisation's networks, but just because someone downloaded the software does not necessarily mean data was taken.

  • Five Russian hacks that transformed US cyber-security
  • US energy department caught up in giant cyber-hack

It appears those behind it targeted a narrow set of organisations in an attempt to steal national-security, defence and other related information.

There is no sign that significant theft of large amounts of customer or citizen data was an aim of the operation.

Microsoft and US officials have also suggested there might have been other methods of getting into networks as well as via the compromised SolarWinds update. It is possible the attack could pre-date March, when SolarWinds was first affected.

The UK's National Cyber Security Centre (NCSC) - an arm of intelligence agency GCHQ - is at the forefront of responding and is working with government and industry to provide advice and investigate what might have been stolen.

"This is a complex, global cyber incident, and we are working with international partners to fully understand its scale and any UK impact," said NCSC director of operations Paul Chichester.

"The NCSC is working to mitigate any potential risk, and actionable guidance has been published to our website. We urge organisations to take immediate steps to protect their networks - and will continue to update as we learn more."

'Large-scale digital espionage'

Microsoft said it had informed at least one UK customer that it had been compromised in a linked attack, but the numbers affected are thought to be small and apparently not government-related, although a risk to national security remains.

A full assessment of the damage in the US as well as the UK may take many months, as experts scour networks for signs of data being stolen.

"Based on what we currently know, this is very large-scale digital espionage of the type that's been going on for many years," Ciaran Martin, the former head of the NCSC told the BBC.

"This is an unusually sophisticated compromise. It reinforces the point that securing the supply chain is one of the hardest challenges around,"

US officials have suggested they believe Russia was responsible and the type of high-end espionage operation fits in with past behaviour of Russian hackers.

But neither the US nor UK has yet formally and publicly "attributed" the attack, even though it is clear they believe a nation state was responsible.

Moscow has denied any role in it.

Related Topics

  • Cyber-security
  • Cyber-attacks
  • Microsoft
  • Computer hacking

More on this story

  • SolarWinds: Why the Sunburst hack is so serious