GCHQ investigates possible UK exposures after second major US hack disclosed

The head of the UK’s communications intelligence service GCHQ has described two major security breaches at US software firms this week as “serious events”, as British intelligence officials investigate the level of UK exposure.

Jeremy Fleming was speaking in the wake of an attack on US IT company SolarWinds, which has disclosed that monitoring products it released in March and June of this year may have been surreptitiously tampered with in a “highly-sophisticated, targeted and manual supply chain attack by a nation state”.

SolarWinds is a software company based in Austin, Texas, that provides services to the White House, Pentagon and NASA, according to its website.

Additionally, the company provides services to the country’s leading telecommunications providers, as well as “more than 425 of the US Fortune 500”.

The statement came as the US intelligence community urgently investigates breaches at several government agencies, including the US Treasury and Department of Commerce.

The attack has reportedly been linked to the same cyberespionage campaign that has afflicted the prominent US cybersecurity firm FireEye.

As reported by Emerging Risks, FireEye, one of the largest cybersecurity companies in the United States, last week became the latest victim of a targeted hack.

The company suggested that the breach was most likely carried out by a foreign government and led to the theft of an array of internal hacking tools typically used to test the cyber defences of its clients.

The cyber-attack on FireEye is especially galling given that it is a company with a number of business contracts across the national security space, both in the United States and among its allies.

Commenting on the latest hacking disclosure, SolarWinds said it is “acting in close coordination with FireEye, the Federal Bureau of Investigation, the intelligence community, and other law enforcement to investigate these matters”.

It later added that ‘fewer than 18,000 customers’ had software compromised in the damaging hack.

In its statement, SolarWinds said that the hack “was used to compromise the company’s emails” and possibly gather other data as well.

The company said it had retained third-party cybersecurity experts to assist in its investigation.

The hackers are suspected of using a method, dubbed the ‘supply chain attack’, in which malicious code is embedded into software updates provided to victims.