Five Things To Know About the Sunburst Hack
One of the most devastating cyberattacks in history has left us with a lot to think about.
In early 2020, a major cyberattack by an unknown group — likely sponsored by a hostile foreign government — gained access to multiple networks run by the United States federal government and many large technical and financial firms, leading to a massive data breach. It’s considered to be among the worst cyber-espionage events ever suffered by the United States.
Soon after its discovery, hundreds of organizations worldwide reported being affected by the hack, with many reporting significant data breaches.
First reported on December 13, 2020, it was initially thought to have only affected the US Treasury and the US Department of Commerce. Investigators soon discovered in the days following that numerous government agencies and private organizations suffered similar attacks.
Thousands of organizations have had to take their networks offline and begin the long process of analysis and decontamination to undo or minimize the damage.
Meanwhile, cybersecurity experts struggle to take in the enormity of the Sunburst hack and all of its implications.
The perpetrators were likely foreign agents and not mere cybercriminals
Cybercriminals pick their victims with care and consider the possibility of getting caught. Their main goal is financial gain. They often achieve these ends via ransomware, data theft, or siphoning off computing resources (such as processing power for mining cryptocurrency).
Cybercriminals also know that, for the most part, they’re dealing with law enforcement often woefully unprepared for handing many cybercrimes. One thing that makes cybercriminals so bold is the more-than-decent chance that even should their attempts fail, they can disappear before getting caught.
Finally, typical cybercriminals go after easier targets. They go for universities, businesses, or small government networks that are more likely to have substandard security measures.