The Boston Globe has the following:
It’s going to take months to kick elite hackers widely believed to be Russian out of the US government networks they have been quietly rifling through since as far back as March in Washington’s worst cyberespionage failure on record.
Experts say there simply are not enough skilled threat-hunting teams to duly identify all the government and private-sector systems that may have been hacked. FireEye, the cybersecurity company that discovered the intrusion into US agencies and was among the victims, has already tallied dozens of casualties. It’s racing to identify more.
“We have a serious problem. We don’t know what networks they are in, how deep they are, what access they have, what tools they left,” said Bruce Schneier, a prominent security expert and Harvard fellow.
Continue reading the article online (subscription may be required)
While Franklin suffered a spear-phishing attack that resulted in a diverted payment, the attacker never accessed the Franklin network; they used a person inside to do their work for them. The hack into the systems of several companies and government agencies, widely attributed to Russia, was sophisticated in its planning: the attackers compromised the supply chain of a widely deployed piece of network management software (SolarWinds Orion), so that a trojanized update reached customers through the vendor's normal, trusted update channel rather than through any break-in at the customer's perimeter. Once installed, that "trojan horse" gave the attackers a backdoor into each affected network, and with it access and control. The full scope and objective of the hack remain to be determined.
- A good summary from The Guardian: https://www.theguardian.com/technology/2020/dec/18/orion-hack-solarwinds-explainer-us-government
- More inside technical details from Bruce Schneier (quoted in the Boston Globe article above): https://www.schneier.com/blog/archives/2020/12/nsa-on-authentication-hacks-related-to-solarwinds-breach.html
- Also good technical details from Krebs on Security: https://krebsonsecurity.com/2020/12/vmware-flaw-a-vector-in-solarwinds-breach/