On the 11th of May, security headlines broke the news about the cyber attack on USIS (U.S. Investigations Services), potentially conducted by Chinese state-sponsored hackers via a vulnerability in SAP software. Hackers broke into third-party software in 2013 to open personal records of federal employees and contractors with access to classified intelligence, according to the government’s largest private employee investigation provider.
USIS is a federal contractor that conducts background checks for DHS – the largest commercial provider of background investigations to the federal government. It has more than 5,700 employees providing services in all 50 states, U.S. territories and overseas. As a result of the breach, more than 27,000 personnel seeking security clearances were compromised. Similar hacks also affected servers at the Office of Personnel Management (OPM), which holds information on security clearance investigations. Once hackers have a list of employees who possess government security clearances, they can exploit other aspects of those employees’ lives for further malicious gain.
Within a couple of hours of the news that an SAP vulnerability was involved, we contacted journalists at DarkReading and gave them feedback and some comments.
Now we are sharing all the comments that were prepared, as well as additional research we conducted, to explain what next steps organizations can take to secure their systems and prevent these attacks.
Below you can find the timeline of this attack investigation, the collection of historical facts from different resources, and our comments on the topic.