This is a wide-ranging and sophisticated cyberattack that engulfed even Federal agencies.

A nation-scale bad actor is said to be responsible for the security breaches last week that have compromised untold numbers of victims ranging from government agencies to corporates.

The modus operandi was to infect thousands of systems through SolarWinds, a third-party software vendor.

SolarWinds’ customers reportedly downloaded software updates containing the vulnerability that the hackers can now “pick and choose” to attack further.

Consider that SolarWinds has about 300,000 customers out of which about 18,000 may have already downloaded the infected updates. The scale of the unfolding hack attack is mind-bending.

The fear of the unknown

“I woke up in the middle of the night last night just sick to my stomach,” said Theresa Payton, who served as White House Chief Information Officer under President George W. Bush, to CNN last week. “On a scale of 1 to 10, I’m at a 9 — and it’s not because of what I know; it’s because of what we still don’t know.”

Top-notch cybersecurity firm FireEye (NASDAQ: FEYE) was also attacked. “The campaign demonstrates top-tier operational tradecraft and resourcing consistent with state-sponsored threat actors,” FireEye said, adding that the breaches in the hack attack appear to date as far back as the spring. “Each of the attacks requires meticulous planning and manual interaction.”

The Russian hand

US Secretary of State Mike Pompeo has openly blamed Russia for the attack. “We can say pretty clearly that it was the Russians that engaged in this activity,” he said Friday. (BBC News)

The Republican Chair of the Senate intelligence committee, Marco Rubio, tweeted that it is “increasingly clear that Russian intelligence conducted the gravest cyber intrusion in our history”. He said the response “must be proportional but significant”.

The full scope and damage from this hack attack will only make itself known in the coming days. Meanwhile, according to FireEye, the attack could have permeated across the broad economy too. Because it found evidence of the virus at companies in the tech, consulting, telecom, and energy companies too.

Cybersecurity ETFs perk up

Investors may keep an eye on cybersecurity stocks and ETFs.

On Friday, the Global X Cybersecurity ETF (NASDAQ: BUG) rose 6.6% and the First Trust NASDAQ CEA Cybersecurity ETF (NASDAQ: CIBR) rose 3.9%.

Related Story:   Hackers, Suspected Of Russian Origin, Breach The U.S. Treasury