Cyber Attacks On US Government - New Evidence

Uploaded on 2021-01-04 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

The wide ranging and successful cyber attacks on US government agencies and numerous private companies, including Microsoft, widely believed to have been undertaken by state-sponsored Russian hackers which was  first reported in December 2020, may in fact have begun much earlier. 

US investigators originally thought that the attacks on government agencies and private industry targets began in March or April 2020, including breaches of Treasury, State, Commerce and Energy Departments. The Treasury and Commerce departments were both confirmed as having been affected and others may have been breached. 

The hack, which may still be ongoing, appears to have begun as long ago as October 2019, when hackers first breached the Texas software company SolarWinds, which provides technology monitoring services to government agencies and 425 of the Fortune 500 companies. The hacking campaign entered US government and private systems by surreptitiously tampering  with and inserting malware into  updates released by SolarWinds. 

The attacks work by hiding malicious code in the body of legitimate software updates that are provided to the hacking targets by third parties. That malicious code gave the highly professional hackers remote access to an organization’s networks so they could steal information. State-backed Russian hackers were identified as the suspects, although Russia has firmly denied any involvement.

Microsoft said that the hackers were unable to get into emails or its products and services and that they were not able to modify the company's vital  source code which they were able to view, Microsoft did not say how long hackers were inside its networks and initially denied that it was breached in the attack.

Hackers gained entry into networks by getting more than 18,000 private and government users to download a tainted software update. Once inside, they were able to monitor internal emails at some of the top agencies in the US. “We still don’t have for the private sector, or for that matter the public sector, any mandatory reporting” on major hacking incidents, said senator Mark  Warner, Vice-Chair of the Senate Intelligence Committee  said. “The amount of time it’s taking to assess the (latest) attack, it is taking longer than we would like to take,” he added. Warner also said the lack of US laws and policy to counter such major hacks is the product of a “lack of policy" that precedes the Trump administration. 

The massive data breach, revealed in the final weeks of Trump's administration is a dramatic finale for the Trump Presidency which has been accused of excessive deference to Russia and unsuccessful attempts to warm relations with President, Vladimir Putin. "There has been obviously a reluctance out of this White House to call out Russia repeatedly.... I don’t believe that is a problem of the intelligence community. I think that is a problem of the White House" Senator Warner told reporters.

This large scale and sophisticated operation is perhaps the biggest known cyber attack against against US federal government networks in years. 

New York Times:      CNN:      Yahoo:        Guardian:          Reuters:

You Might Also Read:

Is This The Hack Of The Decade?:

 

« Cyber Security In 2021 - Predictions & Trends
Six Big Features Of Cyber Security In 2021 »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

HackRead

HackRead

HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends.

Allen & Overy

Allen & Overy

Allen & Overy is an international law firm. Practice areas include Cybersecurity and Data Protection.

Ionic Security

Ionic Security

Ionic provide a high-assurance data protection and control platform built on strong encryption, fine-grain control and contextual analytics.

Onspring

Onspring

Onspring is the cloud-based platform of choice for governance, risk and compliance (GRC) teams and business operations experts across multiple industries.

Parsons

Parsons

Parsons has developed a converged security offering that combines cybersecurity, integrated network solutions, and critical infrastructure protection.

IBA Security

IBA Security

IBA Security is a center of competence consolidating the cybersecurity expertise of the IBA Group.

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau is the national accreditation body for Lithuania. The directory of members provides details of organisations offering certification services for ISO 27001.

2Keys

2Keys

2Keys designs, deploys and operates Digital Identity Platforms and Cyber Security Platforms through Managed Service and Professional Service engagements.

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

C-MRiC collaborates on initiatives, ranging from national cyber security, enterprise security, information assurance, protection strategy, climate control to health and life sciences.

Onfido

Onfido

Onfido is building the new identity standard for the internet. We digitally prove people’s real identities using a photo ID and facial biometrics.

MicroSec

MicroSec

MicroSec is a company specializing in IoT security. We focus on bringing enterprise grade security to IoT and embedded systems.

InferSight

InferSight

InferSight can help you design an architecture that takes into account security, performance, availability, functionality, resiliency and future capacity to avoid technological lock in and limitations

Foresiet

Foresiet

Foresiet is the first platform to cover all of your digital risks, allowing enterprise to focus on the core business.

Security Compliance Associates (SCA)

Security Compliance Associates (SCA)

The sole focus of SCA is safeguarding critical information and complying with information security regulations.

Gcore

Gcore

Gcore is an international leader in public cloud and edge computing, content delivery, hosting, and security solutions.

Sola Security

Sola Security

Sola Security is a cyber security startup company currently in Stealth mode.