Russian Hackers Have Stolen US Secrets

Uploaded on 2020-12-18 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

Some of The United States most deeply held secrets may have been stolen by Russian government hackers in a heavy multi-pronged attack which began with a breach at the Solar Winds IT vendor and swiftly extended to leading cyber security firm FireEye, who found that the software tools they use to protect major customers in the US government and major corporations had been weaponised and used to attack their customers. 

The US Cyber Infrastructure Security Agency (CIA) issued an emergency warning as events unfolded rapidly early this week. In the absence of any detailed information from official sources there is considerable debate about what might have been taken.

Could the hackers have obtained nuclear secrets or COVID-19 vaccine data or even Blueprints for next-generation weapons systems? 

It will take a long time to get the answers about what exactly has been taken and how this happened. The hackers are sophisticated and area able to hide their tracks and so some of the crime might not be exposed.  Cyber security experts say that the attack displays the tactics and techniques of Russia’s SVR foreign intelligence agency and a number of US government departments. including the Treasury and Commerce departments, were known to have been hacked via a commercial software update distributed to thousands of companies and government agencies worldwide.

 A Pentagon statement suggested it also used the software, saying that it had “issued guidance and directives to protect” its networks. It would not say, for “operational security reasons”, whether any of its systems may have been hacked. 

Hackers infiltrated US government agencies by infiltrating a malicious code on commercial network management software from SolarWinds, a leading network software and IT services company in March. This  campaign was discovered by the cyber security company FireEye when it found it had been hacked which it immediately disclosed when it alerted the FBI and other federal agencies on December 8th. 

A noted cyber security expert Thomas Rid, Professor in the Department of War Studies at King’s College London said the campaign’s can be compared to Russia’s three-year 1990s, Moonlight Maze hacking of US government targets, including NASA and the Pentagon. 

The US government has not said which agencies were hacked and no private-sector victims have made themselves know to date, although defence contractors and telecommunications companies have been popular targets with state-backed cyber spies. ​Like intelligence agents, nation-state hackers generally focus on the latest on weapons technologies and missile defense systems vital to national security. 

It is understood that the hackers carefully exfiltrated data, often encrypting it so it wasn’t clear what was being taken, and expertly covering their tracks.

President Trump’s national security adviser, Robert O’Brien convened a top-level interagency meeting later this week and the White House has said a coordinating team had been created to respond, including the FBI, the Department of Homeland Security (DHS) and the Office of the Director of National Intelligence. At a briefing for congressional staff  the DHS did not say how many agencies were hacked and the Trump administration has released very little information.

Critics have long complained that the Trump administration has failed to address cybersecurity threats, including a wave of ransomware attacks that have hobbled state and local governments and hospitals. “It’s been a frustrating time, the last four years. I mean, nothing has happened seriously at all in cybersecurity,” said Brandon Valeriano, an expert adviser to the Cyber Solarium Commission, which was created by Congress to fortify the nation’s cyber defenses. 

A senior FireEye executive Charles Carmakal said that the company was aware of “dozens of incredibly high-value targets” infiltrated by the hackers and was helping “a number of organisations respond to their intrusions.” He did not name any, saying only that he expected many more to learn that they have been compromised. 

Carmakal also said that the hackers would have activated remote-access back doors only on targets sure to have prized data. It is manual, demanding work and moving networks around risks detection.

The SolarWinds campaign highlights the lack of mandatory minimum-security rules for commercial software used on federal computer networks. Zoom video conferencing software is another example. It was approved for use on federal computer networks last year, yet security experts found it was being exploitable by hackers, after federal workers sent home by the pandemic began using it.

It also the need for a National Cyber Director at the White House, a position subject to Senate confirmation. Congress approved such a position in a recently passed defense bill. 

Reuters:     Washington Times:        Security Week:       Independent:     

You Might Also Read:

Russian Turla Hackers Specialise In Attacking  Government Agencies:

 

« Business Cyber Security Spending In 2021
The End Of The American Cyber Empire »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Council of Europe - Cybercrime Programme Office (C-PROC)

Council of Europe - Cybercrime Programme Office (C-PROC)

The Cybercrime Programme Office of the Council of Europe is responsible for assisting countries worldwide in strengthening their legal systems capacity to respond to cybercrime

AML Solutions

AML Solutions

AML Solutions offer a full range of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) services.

Cleafy

Cleafy

Cleafy protects web and mobile applications from tampering attempts and deploys countermeasures to guarantee data and content integrity at scale.

Parsons

Parsons

Parsons has developed a converged security offering that combines cybersecurity, integrated network solutions, and critical infrastructure protection.

Slovak Security Policy Institute (SSPI)

Slovak Security Policy Institute (SSPI)

Slovak Security Policy Institute is an independent non-governmental organization that focuses on research and analysis of security challenges including defence and cyber security.

National Cybersecurity Institute (NCI) - Excelsior College

National Cybersecurity Institute (NCI) - Excelsior College

NCI is Excelsior College’s research center dedicated to assisting government, industry, military and academic sectors meet the challenges in cybersecurity policy, technology and education.

Compnet

Compnet

Compnet is a service company that assists customers in integrating complete ICT systems including network infrastructure and security solutions.

Sanderson Recruitment

Sanderson Recruitment

Sanderson is a recruitment company providing expert recruitment services in areas including Cyber & Information Security.

Encore Media Group

Encore Media Group

Encore Media Group provide an international enterprise technology event series exploring IoT, Blockchain AI, Big Data, 5G, Cyber Security and Cloud.

BicDroid

BicDroid

BicDroid is a world leader in data and cyber security with innovative solutions that protect your data anywhere, anytime, against everything.

Cryptyk

Cryptyk

CRYPTYK CLOUD is the first complete enterprise-class cloud security solution that includes cloud storage and broad protection against all external and internal threats.

Future Planet Capital

Future Planet Capital

Future Planet is the impact-led, global venture capital firm built to invest in high growth potential companies from the world's top research centres.

Clarabot Nano

Clarabot Nano

Nano is the secure file sharing tool to improve content search, data access and collaboration between multiple parties.

Stacklet

Stacklet

Stacklet provides cloud governance as code platform that accelerates how Global 2000 manages its security, asset visibility, operations, and cost optimization policies in the cloud.

Proximus Ada

Proximus Ada

Proximus Ada is the first Belgian center of excellence combining artificial intelligence and cybersecurity.

Fairdinkum Consulting

Fairdinkum Consulting

Fairdinkum is a leading full-service IT consulting firm with more than two decades of experience in the industry.