Russian Hackers Have Stolen US Secrets

Uploaded on 2020-12-18 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

Some of The United States most deeply held secrets may have been stolen by Russian government hackers in a heavy multi-pronged attack which began with a breach at the Solar Winds IT vendor and swiftly extended to leading cyber security firm FireEye, who found that the software tools they use to protect major customers in the US government and major corporations had been weaponised and used to attack their customers. 

The US Cyber Infrastructure Security Agency (CIA) issued an emergency warning as events unfolded rapidly early this week. In the absence of any detailed information from official sources there is considerable debate about what might have been taken.

Could the hackers have obtained nuclear secrets or COVID-19 vaccine data or even Blueprints for next-generation weapons systems? 

It will take a long time to get the answers about what exactly has been taken and how this happened. The hackers are sophisticated and area able to hide their tracks and so some of the crime might not be exposed.  Cyber security experts say that the attack displays the tactics and techniques of Russia’s SVR foreign intelligence agency and a number of US government departments. including the Treasury and Commerce departments, were known to have been hacked via a commercial software update distributed to thousands of companies and government agencies worldwide.

 A Pentagon statement suggested it also used the software, saying that it had “issued guidance and directives to protect” its networks. It would not say, for “operational security reasons”, whether any of its systems may have been hacked. 

Hackers infiltrated US government agencies by infiltrating a malicious code on commercial network management software from SolarWinds, a leading network software and IT services company in March. This  campaign was discovered by the cyber security company FireEye when it found it had been hacked which it immediately disclosed when it alerted the FBI and other federal agencies on December 8th. 

A noted cyber security expert Thomas Rid, Professor in the Department of War Studies at King’s College London said the campaign’s can be compared to Russia’s three-year 1990s, Moonlight Maze hacking of US government targets, including NASA and the Pentagon. 

The US government has not said which agencies were hacked and no private-sector victims have made themselves know to date, although defence contractors and telecommunications companies have been popular targets with state-backed cyber spies. ​Like intelligence agents, nation-state hackers generally focus on the latest on weapons technologies and missile defense systems vital to national security. 

It is understood that the hackers carefully exfiltrated data, often encrypting it so it wasn’t clear what was being taken, and expertly covering their tracks.

President Trump’s national security adviser, Robert O’Brien convened a top-level interagency meeting later this week and the White House has said a coordinating team had been created to respond, including the FBI, the Department of Homeland Security (DHS) and the Office of the Director of National Intelligence. At a briefing for congressional staff  the DHS did not say how many agencies were hacked and the Trump administration has released very little information.

Critics have long complained that the Trump administration has failed to address cybersecurity threats, including a wave of ransomware attacks that have hobbled state and local governments and hospitals. “It’s been a frustrating time, the last four years. I mean, nothing has happened seriously at all in cybersecurity,” said Brandon Valeriano, an expert adviser to the Cyber Solarium Commission, which was created by Congress to fortify the nation’s cyber defenses. 

A senior FireEye executive Charles Carmakal said that the company was aware of “dozens of incredibly high-value targets” infiltrated by the hackers and was helping “a number of organisations respond to their intrusions.” He did not name any, saying only that he expected many more to learn that they have been compromised. 

Carmakal also said that the hackers would have activated remote-access back doors only on targets sure to have prized data. It is manual, demanding work and moving networks around risks detection.

The SolarWinds campaign highlights the lack of mandatory minimum-security rules for commercial software used on federal computer networks. Zoom video conferencing software is another example. It was approved for use on federal computer networks last year, yet security experts found it was being exploitable by hackers, after federal workers sent home by the pandemic began using it.

It also the need for a National Cyber Director at the White House, a position subject to Senate confirmation. Congress approved such a position in a recently passed defense bill. 

Reuters:     Washington Times:        Security Week:       Independent:     

You Might Also Read:

Russian Turla Hackers Specialise In Attacking  Government Agencies:

 

« Business Cyber Security Spending In 2021
The End Of The American Cyber Empire »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

Qualys

Qualys

Qualys is a pioneer and leading provider of cloud security and compliance solutions.

Marsh

Marsh

Marsh is a global leader in insurance broking and risk management and has been a leader in combatting cyber threats since their emergence.

Conference-Service.com

Conference-Service.com

Conference-Service.com provides a categorised calendar of conferences and events which includes Information Security.

Allgress

Allgress

Allgress solutions converge disparate risk silos across enterprise networks and automate governance, risk and compliance management processes.

Korea Information Security Industry Association (KISIA)

Korea Information Security Industry Association (KISIA)

KISIA is a non-profit organization for the information security industry in Korea.

2Keys

2Keys

2Keys designs, deploys and operates Digital Identity Platforms and Cyber Security Platforms through Managed Service and Professional Service engagements.

BeyondTrust

BeyondTrust

BeyondTrust is a leader in Privileged Access Management, offering a seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access.

SecureStack

SecureStack

SecureStack helps software developers find security & scalability gaps in their web applications and offers ways to fix those gaps without forcing those developers to become security experts.

Camel Secure

Camel Secure

Camel Secure is a company specialized in the development of products for information security and technology risk management.

Cyber Lockout

Cyber Lockout

Comprehensive ransomware insurance and preventative cybersecurity technology solution, working together to help protect businesses 24/7/365.

BugDazz

BugDazz

BugDazz pentest as a service (PTaaS) platform helps bringing in real-time results, detail coverage, & easy remediation workflows with compliance-ready reports.

BugProve

BugProve

BugProve offers a firmware analysis tool that speeds up security testing processes and supports compliance needs by automating repetitive tasks and detecting 0-day vulnerabilities.

Ampcus Cyber

Ampcus Cyber

Ampcus Cyber specialize in providing comprehensive security solutions and services that are tailored to safeguard our clients' networks, infrastructure, and valuable assets.

Glasstrail

Glasstrail

Glasstrail are single-minded about helping organisations gather intelligence and manage vulnerabilities in their attack surface before adversaries exploit them.

Frontier Technology Inc. (FTI)

Frontier Technology Inc. (FTI)

Frontier Technology Inc provides the technology and deep data expertise to drive the best defense and intelligence solutions.

Avatar Managed Services

Avatar Managed Services

Avatar offers proven, process driven IT support to companies who want to utilize their technology to their best advantage.