Major Cyber Attack On US Government Agencies Blamed On Russia

Uploaded on 2020-12-24 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW, INTELLIGENCE--USA, TECHNOLOGY--Hackers

The US government has been hit by a sophisticated hacking campaign that has affected top federal agencies and now US Secretary of State Mike Pompeo has blamed Russia for what is being described as the worst-ever cyber espionage attack on the US government. "We can say pretty clearly that it was the Russians that engaged in this activity," Mr Pompeo said in a statement.

This is in contrast to President Trump, who has downplayed the attack's severity, saying it was "under control” and cast doubt on Russia's role, hinting at Chinese involvement.

For more than three decades, hackers linked to Moscow are believed to have tried to steal US secrets online. The latest cyber attacks included the Treasury, the Energy department and Commerce departments,alo apparently also targeted the agency responsible for the country’s nuclear weapons. The Energy Department and National Nuclear Security Administration, which maintains the US nuclear weapons stockpile, have evidence that hackers accessed their networks as part of an extensive espionage operation, according to reports.

US authorities have expressed increasing alarm over the hack, widely suspected to be the work of Russia, warning that it poses “a grave risk” to federal, state and local governments, as well as “critical infrastructure entities”.

Hackers working for the Kremlin are believed to be behind breaches of US government computer systems at the departments of Treasury, Commerce and Homeland Security that may have lasted months before they were discovered,  Now there are concerns that cyber attacks may have penetrated other government departments as well as many leading private companies.

In a statement, the US Cybersecurity and Infrastructure Security Agency (CISA) said government agencies, critical infrastructure entities and private sector organisations had been targeted by what it called an "advanced persistent threat actor", beginning in at least March 2020. The actor behind the hacks "demonstrated patience, operational security, and complex tradecraft in these intrusions", it said.

CISA has not identified who they think was behind the attack, which agencies and organisations had been breached, or what information has been stolen or exposed.

Meanwhile, US President-elect Joe Biden has said he would make cyber security a "top priority" of his administration. "We need to disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place... We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners."

Not only US government agencies but leading private sector businesses are reported to have been attacked in the hacking campaign, which has been described as "significant and ongoing."

Microsoft says it has identified more than 40 of its customers who were targeted in the cyber-attack, including government agencies, think tanks, non-governmental organisations and IT companies and it is understood that  80% of these are located  in the US, while others were in Canada, Mexico, Belgium, Spain, the UK, Israel and the UAE.

CISA said the perpetrators managed to breach computer networks using network management software made by the Texas-based IT company SolarWinds and it is understood that as many as 18,000 SolarWinds Orion customers downloaded updates containing a back door that let hackers in. All US federal civilian agencies have been told to remove SolarWinds from their servers earlier this week as a result of the hack.

CISA has detailed what the agency currently knows about the attack. The alert calls out at least one other attack vector beyond SolarWinds products and identifies IT and security personnel as prime targets of the hacking campaign. CISA is investigating incidents that exhibit adversary known operating methods and fingerprints consistent with this activity, including some where victims either do not leverage SolarWinds Orion or where SolarWinds Orion was present but where there was no SolarWinds exploitation activity observed. 

In its statement, CISA said it was investigating "evidence of additional access vectors, other than the SolarWinds Orion platform... CISA is aware of compromises of US government agencies, critical infrastructure entities, and private sector organisations by an advanced persistent threat (APT) actor beginning in at least March 2020.... This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organisations”.

Neither CISA or the FBI have said who they believe to be behind the attacks, but private security companies and officials quoted in US media have pointed the finger at Russia, now confirmed by Secretary of State Pompeo. In a statement shared on social media, the Russian embassy in the US said it "does not conduct offensive operations in the cyber domain".

US-CERT:        Politico:         BBC:       BBC:     BBC:          Geekwire:        Guardian:   NPR:       Defense One

You Might Also Read:

The End Of The American Cyber Empire:

 

« You Should Prepare Your Organization For A DDoS Attack
Is This The Hack Of The Decade? »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Gamma

Gamma

Gamma is a leading provider of Unified Communications as a Service (UCaaS) into the UK, Dutch, Spanish and German business markets.

European Council on Foreign Relations (ECFR)

European Council on Foreign Relations (ECFR)

ECFR is a pan-European think-tank conducting research and promote informed debate on European foreign policy. Cyber security is becoming an intrinsic element of foreign policy debate.

Security Innovation

Security Innovation

Security Innovation is a leader in software security assessments and application security training to top organizations worldwide.

SecureWorks

SecureWorks

SecureWorks provides intelligence-driven security solutions for organizations to prevent, detect, rapidly respond and predict cyberattacks.

Rockwell Automation

Rockwell Automation

Rockwell Automation offer industrial security solutions to protect the integrity and availability of your complex automation solutions.

SafeCharge

SafeCharge

SafeCharge is a global provider of technology-based multi-channel payments services and risk management solutions for demanding businesses.

QuickLaunch

QuickLaunch

QuickLaunch transforms how cloud-savvy institutions and companies manage human and device authentication, authorization, access control and integration.

Africa ICS Cyber Security Conference

Africa ICS Cyber Security Conference

Africa's largest ICS Cyber Security Conference and Expo. The only platform that will proudly present top level B2B and B2C networking opportunities.

ComoNExT Innovation Hub

ComoNExT Innovation Hub

ComoNExT is a Digital Innovation Hub and a startup incubator with a focus on the issues of digital transformation and Industry 4.0.

Aravo Solutions

Aravo Solutions

Your Extended Enterprise is full of hidden risks – Aravo makes them visible, measurable, and manageable.

Peris.ai

Peris.ai

Peris.ai is a cybersecurity as a service startup that protects businesses and organizations from online threats.

OccamSec

OccamSec

OccamSec is a leading provider in the world of cybersecurity. We provide accurate, actionable information to reduce risk and enable better informed decisions.

Resmo

Resmo

Resmo is an all in one platform for SaaS app and access management for modern IT teams.

5S Technologies

5S Technologies

5S Technologies is a regional IT solutions and services provider based in Cary, NC and serving the Carolinas.

Diverto

Diverto

Diverto is a company that provides a high level of information security to companies, institutions and other organisations in an information-centric world.

AZCOMP Technologies

AZCOMP Technologies

AZCOMP provide professional network security consulting services as well as network security auditing and assessments.