By early 2021, it looks like Apple’s line of new computers has already been breached by a malicious set of software nicknamed “Silver Sparrow.” Just shy of 30,000 of Apple’s new computers have already been infected, according to the security firm Red Canary, primarily in the United States, United Kingdom, Canada, France, and Germany.
The infected machines range from the Mac Mini desktop to the latest version of Apple’s laptops. Both the latest MacBook Air and 13-inch MacBook Pro are powered by M1 chips.
Notably, security researchers have yet to observe the Silver Sparrow malware actually doing anything harmful.
“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet,” Tony Lambert, an analyst at Red Canary intelligence, wrote in a blog post. “Its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice.”
Got a tip? Contact Insider senior correspondent Ben Gilbert via email (email@example.com), or Twitter DM (@realbengilbert). We can keep sources anonymous. Use a non-work device to reach out. PR pitches by email only, please.
The same group that breached IT software company SolarWinds last year has hacked cybersecurity firm Malwarebytes, ZDNet reported, adding to the growing list of major security firms targeted by the group.
Malwarebytes said hackers used a weakness in the Azure Active Directory and malicious Office 365 applications to breach the company’s internal systems, according to ZDNet. The company said the situation was not related to the SolarWinds’ breach, as Malwarebytes doesn’t use any of their systems.
The SolarWinds hack last year was a “supply chain attack” that led to breaches at US government agencies and other businesses. SolarWinds, FireEye, Microsoft, CrowdStrike and now Malwarebytes have all been targeted by UNC2452/Dark Halo, a group US agencies have said the Russian government is behind.
Malwarebytes was not immediately available for Insider’s request for comment.
Malwarebytes learned of the breach on December 15 from the Microsoft Security Response Center and has since investigated the matter. The company’s CEO Marcin Kleczynski told ZDNet the hacker only gained access to a limited subset of internal company emails and added that the “software remains safe to use.”
A massive cyber attack reportedly executed by a Russian intelligence agency put thousands of companies and US government agencies at risk of being spied on or having data stolen for up to nine months.
The software firm SolarWinds was breached earlier this year when hackers broke into its system and inserted malicious code into one of its software platforms. Customers who updated their software from March to June added the malware to their networks, giving the hackers a backdoor into their systems.
SolarWinds has hundreds of thousands of clients across the globe, including government agencies and most Fortune 500 companies. The company said up to 18,000 of its customers downloaded the software update that contained the malicious code.
Investigating the extent of the cyberattacks may take years, but some organizations have already emerged as compromised, meaning the hackers had potential access to their networks. But it will take long-term investigations for some firms and agencies to determine what data, if any, were stolen or manipulated.
Here’s a list of the major US agencies and firms that were reportedly breached:
Department of State
The State Department is among the US agencies said to have been breached, The Washington Post first reported. Russians had also hacked into part of the department’s system in 2014.
Department of Homeland Security
Reuters first reported the breach at the Department of Homeland security, the agency responsible for cybersecurity, border security, and, recently, the distribution of the coronavirus vaccine. The department’s Cybersecurity and Infrastructure Security Agency also oversaw the secure presidential election last month.
National Institutes of Health
The Post also reported the National Institutes of Health, housed in the Department of Health and Human Services, was also compromised. Reports emerged in the summer that the SVR, a Russian intelligence agency, had targeted the COVID-19 vaccine research.
Parts of the Pentagon, the headquarters of the Department of Defense, were breached, an unnamed US official reportedly told The New York Times. The official said the extent of the attack was unknown.
Department of Energy
Politico reported the Energy Department, including its National Nuclear Security Administration, was subject to the cyber attack. In a statement, a spokesperson said the breach was “isolated to business networks only,” and did not impact national security functions of the department, which includes managing the nuclear weapons stockpile.
Department of the Treasury
The Treasury Department, which manages national finances, was among the first confirmed breaches of the federal government, Reuters reported. Hackers were reportedly spying on internal emails, but the extent of the attack is still unknown.
Department of Commerce
The Commerce Department was also one of the first agencies to have confirmed a breach. Sources told Reuters hackers also appeared to be spying on department emails.
State and local governments
Sources told Bloomberg that up to three state governments were hit by the attack, though they did not name which states. The Intercept reported that the network of the city of Austin, Texas was also breached.
Microsoft confirmed Thursday it was compromised in the cyberattack. Reuters initially reported the breach may have made the tech giant’s customers vulnerable, but Microsoft denied this. The company said there is no evidence its products or customer data were targeted.
FireEye, one of the world’s leading cybersecurity firms, announced on December 8 that its systems had been hacked by a nation-state, marking the first discovery of the sweeping cyberattack.