Major Cyber Attack On US Government Agencies Blamed On Russia

Uploaded on 2020-12-24 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW, INTELLIGENCE--USA, TECHNOLOGY--Hackers

The US government has been hit by a sophisticated hacking campaign that has affected top federal agencies and now US Secretary of State Mike Pompeo has blamed Russia for what is being described as the worst-ever cyber espionage attack on the US government. "We can say pretty clearly that it was the Russians that engaged in this activity," Mr Pompeo said in a statement.

This is in contrast to President Trump, who has downplayed the attack's severity, saying it was "under control” and cast doubt on Russia's role, hinting at Chinese involvement.

For more than three decades, hackers linked to Moscow are believed to have tried to steal US secrets online. The latest cyber attacks included the Treasury, the Energy department and Commerce departments,alo apparently also targeted the agency responsible for the country’s nuclear weapons. The Energy Department and National Nuclear Security Administration, which maintains the US nuclear weapons stockpile, have evidence that hackers accessed their networks as part of an extensive espionage operation, according to reports.

US authorities have expressed increasing alarm over the hack, widely suspected to be the work of Russia, warning that it poses “a grave risk” to federal, state and local governments, as well as “critical infrastructure entities”.

Hackers working for the Kremlin are believed to be behind breaches of US government computer systems at the departments of Treasury, Commerce and Homeland Security that may have lasted months before they were discovered,  Now there are concerns that cyber attacks may have penetrated other government departments as well as many leading private companies.

In a statement, the US Cybersecurity and Infrastructure Security Agency (CISA) said government agencies, critical infrastructure entities and private sector organisations had been targeted by what it called an "advanced persistent threat actor", beginning in at least March 2020. The actor behind the hacks "demonstrated patience, operational security, and complex tradecraft in these intrusions", it said.

CISA has not identified who they think was behind the attack, which agencies and organisations had been breached, or what information has been stolen or exposed.

Meanwhile, US President-elect Joe Biden has said he would make cyber security a "top priority" of his administration. "We need to disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place... We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners."

Not only US government agencies but leading private sector businesses are reported to have been attacked in the hacking campaign, which has been described as "significant and ongoing."

Microsoft says it has identified more than 40 of its customers who were targeted in the cyber-attack, including government agencies, think tanks, non-governmental organisations and IT companies and it is understood that  80% of these are located  in the US, while others were in Canada, Mexico, Belgium, Spain, the UK, Israel and the UAE.

CISA said the perpetrators managed to breach computer networks using network management software made by the Texas-based IT company SolarWinds and it is understood that as many as 18,000 SolarWinds Orion customers downloaded updates containing a back door that let hackers in. All US federal civilian agencies have been told to remove SolarWinds from their servers earlier this week as a result of the hack.

CISA has detailed what the agency currently knows about the attack. The alert calls out at least one other attack vector beyond SolarWinds products and identifies IT and security personnel as prime targets of the hacking campaign. CISA is investigating incidents that exhibit adversary known operating methods and fingerprints consistent with this activity, including some where victims either do not leverage SolarWinds Orion or where SolarWinds Orion was present but where there was no SolarWinds exploitation activity observed. 

In its statement, CISA said it was investigating "evidence of additional access vectors, other than the SolarWinds Orion platform... CISA is aware of compromises of US government agencies, critical infrastructure entities, and private sector organisations by an advanced persistent threat (APT) actor beginning in at least March 2020.... This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organisations”.

Neither CISA or the FBI have said who they believe to be behind the attacks, but private security companies and officials quoted in US media have pointed the finger at Russia, now confirmed by Secretary of State Pompeo. In a statement shared on social media, the Russian embassy in the US said it "does not conduct offensive operations in the cyber domain".

US-CERT:        Politico:         BBC:       BBC:     BBC:          Geekwire:        Guardian:   NPR:       Defense One

You Might Also Read:

The End Of The American Cyber Empire:

 

« You Should Prepare Your Organization For A DDoS Attack
Is This The Hack Of The Decade? »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ComSec LLC

ComSec LLC

ComSec perform threat assessments to identify vulnerabilities and help protect businesses against corporate espionage via electronic eavesdropping.

Stratogent

Stratogent

Stratogent does IT and Cybersecurity operations. We specialize in high-touch and high-change IT environments, especially in the biotech and pharma industry verticals.

Armor

Armor

Armor provide managed cloud security solutions for public, private, hybrid or on-premise cloud environments.

Deductive Labs

Deductive Labs

Deductive Labs consulting services help customers with their technology, security and automation challenges.

Identillect Technologies

Identillect Technologies

Identillect Technologies provide a user-friendly secure email solution to protect critical information, with an emphasis on simplicity.

Teramind

Teramind

Teramind provides a user-centric security approach to monitor employee behavior in order to identify suspicious activity, detect possible threats, monitor efficiency, and ensure industry compliance.

Inspirria Cloudtech

Inspirria Cloudtech

Inspirria Cloudtech is a specialized Cloud Technologies Services provider and Cloud Aggregator focused on executing cloud models for clients.

Ensconce Data Technology (EDT)

Ensconce Data Technology (EDT)

EDT’s focus is on providing solutions to properly sanitize Solid State Drives (SSD) and Magnetic Drives (HDD) before they are disposed or redeployed.

Rule4

Rule4

Rule4 is a global professional services firm that provides practical, real-world knowledge and solutions in areas including cybersecurity, AI, Machine Learning and industrial control systems.

Syndis

Syndis

Syndis is a leading information security company helping to defend organizations by providing bespoke services and innovative security solutions in the global market.

Phronesis Security

Phronesis Security

Phronesis Security is committed to delivering world-class cyber security consulting with a tangible social and environmental impact.

VLC Solutions

VLC Solutions

VLC Solutions is an independent solutions and technology service provider offering Cloud Services, Cybersecurity, ERP Services, Network Management Services, and Compliance Solutions.

NetHope

NetHope

NetHope is a membership-based organization serving the international nonprofit humanitarian, development, and conservation sector through digital transformation.

ThreatCaptain

ThreatCaptain

ThreatCaptain is a Cybersecurity Leadership Development Company driven to enhance and illuminate cybersecurity risk through strategic alignment and informed business decision-making.

Inholo

Inholo

Inholo offers tools to manage the risks of synthetic realities, starting with an AI-photo detection service.

Valmet

Valmet

Valmet is a leading global developer and supplier of process technologies, automation and services for the pulp, paper and energy industries.