Russian Hackers Have Stolen US Secrets

Some of The United States most deeply held secrets may have been stolen by Russian government hackers in a heavy multi-pronged attack which began with a breach at the Solar Winds IT vendor and swiftly extended to leading cyber security firm FireEye, who found that the software tools they use to protect major customers in the US government and major corporations had been weaponised and used to attack their customers. 

The US Cyber Infrastructure Security Agency (CIA) issued an emergency warning as events unfolded rapidly early this week. In the absence of any detailed information from official sources there is considerable debate about what might have been taken.

Could the hackers have obtained nuclear secrets or COVID-19 vaccine data or even Blueprints for next-generation weapons systems? 

It will take a long time to get the answers about what exactly has been taken and how this happened. The hackers are sophisticated and area able to hide their tracks and so some of the crime might not be exposed.  Cyber security experts say that the attack displays the tactics and techniques of Russia’s SVR foreign intelligence agency and a number of US government departments. including the Treasury and Commerce departments, were known to have been hacked via a commercial software update distributed to thousands of companies and government agencies worldwide.

 A Pentagon statement suggested it also used the software, saying that it had “issued guidance and directives to protect” its networks. It would not say, for “operational security reasons”, whether any of its systems may have been hacked. 

Hackers infiltrated US government agencies by infiltrating a malicious code on commercial network management software from SolarWinds, a leading network software and IT services company in March. This  campaign was discovered by the cyber security company FireEye when it found it had been hacked which it immediately disclosed when it alerted the FBI and other federal agencies on December 8th. 

A noted cyber security expert Thomas Rid, Professor in the Department of War Studies at King’s College London said the campaign’s can be compared to Russia’s three-year 1990s, Moonlight Maze hacking of US government targets, including NASA and the Pentagon. 

The US government has not said which agencies were hacked and no private-sector victims have made themselves know to date, although defence contractors and telecommunications companies have been popular targets with state-backed cyber spies. ​Like intelligence agents, nation-state hackers generally focus on the latest on weapons technologies and missile defense systems vital to national security. 

It is understood that the hackers carefully exfiltrated data, often encrypting it so it wasn’t clear what was being taken, and expertly covering their tracks.

President Trump’s national security adviser, Robert O’Brien convened a top-level interagency meeting later this week and the White House has said a coordinating team had been created to respond, including the FBI, the Department of Homeland Security (DHS) and the Office of the Director of National Intelligence. At a briefing for congressional staff  the DHS did not say how many agencies were hacked and the Trump administration has released very little information.

Critics have long complained that the Trump administration has failed to address cybersecurity threats, including a wave of ransomware attacks that have hobbled state and local governments and hospitals. “It’s been a frustrating time, the last four years. I mean, nothing has happened seriously at all in cybersecurity,” said Brandon Valeriano, an expert adviser to the Cyber Solarium Commission, which was created by Congress to fortify the nation’s cyber defenses. 

A senior FireEye executive Charles Carmakal said that the company was aware of “dozens of incredibly high-value targets” infiltrated by the hackers and was helping “a number of organisations respond to their intrusions.” He did not name any, saying only that he expected many more to learn that they have been compromised. 

Carmakal also said that the hackers would have activated remote-access back doors only on targets sure to have prized data. It is manual, demanding work and moving networks around risks detection.

The SolarWinds campaign highlights the lack of mandatory minimum-security rules for commercial software used on federal computer networks. Zoom video conferencing software is another example. It was approved for use on federal computer networks last year, yet security experts found it was being exploitable by hackers, after federal workers sent home by the pandemic began using it.

It also the need for a National Cyber Director at the White House, a position subject to Senate confirmation. Congress approved such a position in a recently passed defense bill. 

Reuters:     Washington Times:        Security Week:       Independent:     

You Might Also Read:

Russian Turla Hackers Specialise In Attacking  Government Agencies:

 

« Business Cyber Security Spending In 2021
The End Of The American Cyber Empire »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

CoSoSys Endpoint Protector

CoSoSys Endpoint Protector

Endpoint Protector by CoSoSys is an advanced all-in-one DLP solution for Windows, macOS, and Linux, that puts an end to unintentional data leaks and protects from malicious data theft.

DataVantage

DataVantage

DataVantage data masking and data management software helps you prevent data breaches, pass compliance audits and meet regulatory requirements such as HIPAA and PCI DSS.

Oodrive

Oodrive

Oodrive is a European leader in sensitive data management.

CONCERT

CONCERT

CONCERT is a Computer Emergency Response Team and cyber security information sharing network for companies, institutes and government in Korea.

Copenhagen FinTech

Copenhagen FinTech

Copenhagen FinTech is a centre for R&D and innovation in the Danish finance IT sector. Focus areas include cyber security and payments platforms.

Greenbone Networks

Greenbone Networks

Greenbone Networks delivers a vulnerability analysis solution for enterprise IT which includes reporting and security change management.

ElcomSoft

ElcomSoft

ElcomSoft is a global leader in computer and mobile forensics, IT security and forensic data recovery.

Sentropi

Sentropi

Sentropi is an online protection solution against charge backs, account takeovers, identity thefts and online scams.

Eskive

Eskive

Eskive is a Brazilian cyber security awareness and education platform that empowers users and strengthens their company in the face of cyber threats.

Crypto4A Technologies

Crypto4A Technologies

Crypto4A quantum-ready cybersecurity solutions significantly improve protection for Cloud, loT, Blockchain, V2X, government and military application deployments.

S2S Group

S2S Group

S2S Group specialise in the destruction and management of IT assets at the end of the lifecycle.

Redwall Technologies

Redwall Technologies

Redwall provides cybersecurity expertise and technology to prevent and respond to emerging threats against mobile applications and connected infrastructures.

Secure Digital Solutions (SDS)

Secure Digital Solutions (SDS)

Secure Digital Solutions is a leading consulting firm in the business of information security providing cyber security program strategy, enterprise risk and compliance, and data privacy.

Nineteen Group

Nineteen Group

Nineteen Group delivers major-scale exhibitions within the security, fire, emergency services, health and safety, facilities management and maintenance engineering sectors.

QuantiCor Security

QuantiCor Security

QuantiCor Security is one of the world’s leading developers and manufacturers of quantum computer resistant security solutions for IT infrastructures and the Internet of Things (IoT).

Cardonet

Cardonet

Cardonet is an IT Support and IT Services business offering end-to-end IT services, 24x7 IT Support to IT Consultancy, Managed IT and Cyber Security.