In December of 2020, a cybersecurity firm detected a cyber attack on an unprecedented scale.
Malicious software had been operating undetected for months,
possibly affecting as many as 18,000 organizations —
including most U.S. federal government unclassified networks and more than 425 Fortune 500 companies.
More than a month after the breach was discovered, there are still a lot of things we don't know,
like how it happened, and what it's going to take to recover.
But before we get started, the reality is that there aren't a lot of facts out there at the moment,
but here's what we do know.
There are indicators that this is not just one guy sitting in his basement.
This hack is what's known as a supply chain attack,
where hackers get past their target's security using a trusted third party's software.
Supply chain attacks take considerable resources and time to pull off,
meaning they're usually the work of hackers backed by a nation-state.
While cyberwarfare and espionage is something many countries engage in,
one nation in particular has emerged as a likely suspect.
The U.S. has an ongoing contentious relationship with Russia in cyberspace.
Each country has access to the other's power grid,
and Russian intelligence is credited with breaking into the email servers of the White House,
State Department, and Joint Chiefs of Staff in 2014 and 2015.
So, when news of the latest intrusion broke, federal authorities and cybersecurity experts named Russia as the most likely culprit.
Russia, for its part, denies any involvement.
You may be wondering how the hackers managed to gain access to such a wide breadth of networks,
including those of the U.S. Departments of Treasury, Commerce, Energy, and State.
While multiple vendors that work with the U.S. government like Microsoft were attacked,
most of the affected networks we know about so far can be traced to a Texas-based company called SolarWinds.
SolarWinds provides network monitoring and management tools.
Its flagship software, called Orion, is used by over 33,000 companies.
SolarWinds was initially breached as far back as September 2019.
It's under the impression that hackers were able to target this trusted company
and install malware into an update of the Orion software that all of their clients unsuspectedly downloaded.
It's hard to grapple with just how massive a security breach this is,
partly because we still don't know the extent to which networks are compromised.
SolarWinds identified 18,000 networks that installed the update.
The breach went unnoticed for almost 9 months, giving the hackers lots of time to delete their initial entry points,
create new ones, and in some cases, take full control of networks.
Which networks they have access to and which ones they can fully control, we still don't know.
What they plan to use their access for is also a question mark,
but they've penetrated some networks so thoroughly they could potentially alter or delete data
and impersonate government officials.
Ridding the affected systems of malware is not as simple as deleting Orion.
Some experts are calling for entire networks to be rebuilt, which would be incredibly time consuming and costly.
That's because the current system used by the U.S. is a multibillion-dollar detection system called Einstein
that works to identify malware and potential attacks.
But Einstein had a flaw as it has been reported that its systems were not equipped to effectively identify new uses of already known code.
Therefore it allowed the new malicious code to pass undetected in the system.
So, automatic defenses like Einstein will have to be updated to patch blindspots the hackers exploited,
and teams of security professionals will have to supplement Einstein by scouring code themselves
to root out malware automated defenses miss.
It's going to take a long time and a lot of money to evict these bad actors.
With cyberwarfare and espionage paying out huge dividends compared to the cost of the operations,
expect cyberattacks to be a regular part of our future moving forward.