U.S. Agencies Attacked by Suspected Russian Hackers

That warning came after Reuters reported suspected Russian hackers had used hijacked SolarWinds software updates to break into multiple American government agencies, including the Treasury and Commerce departments.

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, or CISA, said in a statement that the agency has been working closely with its partners regarding "recently discovered activity on government networks".

In a recent statement, National Security Council spokesperson John Ullyot stated that the US government was "taking all necessary steps to identify and remedy any possible issues related to this situation".

Software provider SolarWinds stated on Monday that fewer than 18,000 of its customers are thought to have downloaded a compromised software update, which enabled a nation-state hacker group to breach the computer networks of the US Treasury Department and other federal agencies.

Microsoft has declined to respond to a request for comment, Reuters reports. The victim list is expected to grow as federal and private-sector investigators sort through digital clues.

As early as March of this year, customers of SolarWinds Inc., a U.S. network-management company, began unwittingly installing malicious software as part of a routine and seemingly benign update issued for a software product known as Orion, according to the company.

"It's as if you wake up one morning and suddenly realize that a burglar has been going in and out of your house for the last six months", said Glenn Gerstall, who was the National Security Agency's general counsel from 2015 to 2020.

SolarWinds said in a regulatory disclosure it believed the attack was the work of an "outside nation state" that inserted malicious code into updates of its Orion network management software issued between March and June this year.

The picture they paint points to sophisticated attackers, who "displayed a reasonable level of operational security throughout the attack, taking steps to wipe logs for various services used and to remove evidence of their commands from infected systems".

The Russian hackers are known to have attempted to steal COVID-19 vaccine research in past months, since US companies and agencies first began working together in response to the virus.

Russia denied responsibility, with the Russian Embassy in Washington saying the allegations were "unfounded attempts of the USA media to blame Russia", The Wall Street Journal reported. However, in the intrusions FireEye has seen, this actor moved quickly to establish additional persistent mechanisms to access victim networks beyond the SUNBURST backdoor. The company works widely with the federal government and hundreds of large US companies. The news hit several days after FireEye announced its own network was compromised and cyber exploits used to test client networks were stolen.

CISA also said that federal agencies using SolarWinds products should provide a completion report to CISA by noon Monday.

We're likely still far from getting concrete information about how the attackers actually got into SolarWinds' systems, but the company's recent report to the U.S. Securities and Exchange Commission seems to point to Microsoft Office 365 account compromise as the initial vector.

"The compromise of SolarWinds' Orion Network Management Products poses unacceptable risks to the security of federal networks", said CISA acting director Brandon Wales.

The incident is the latest in what has become a long list of suspected Russian electronic incursions into other nations - particularly the US - under President Vladimir Putin.
