US Government Agencies Under Attack

Hackers broke into the networks of federal agencies including the Treasury and Commerce departments in attacks revealed only a few days after US officials warned that cyber actors linked to the Russian government were exploiting vulnerabilities to target sensitive data. 

The FBI and the Department of Homeland Security's cybersecurity arm are investigating what experts say appeared to be a large-scale penetration of US government agencies.

The US has been issued with an emergency warning that nation-state hackers have weaponised software used by almost all Fortune 500 companies, many federal agencies and a lot of other companies.

US government agencies have been hacked by attackers who used a flaw in updated software. The attack was on SolarWinds systems, the company has revealed. These systems are used by government within the Treasury and Commerce Departments. SolarWinds said that system monitoring products it released earlier this year may have been surreptitiously tampered with in a “highly-sophisticated, targeted and manual supply chain attack by a nation state.”

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Emergency Directive in response to the ongoing hacking of SolarWinds Orion products by malicious actors.

This Emergency Directive calls on all federal civilian agencies to review their networks for any signs of compromise and to disconnect or power down SolarWinds Orion products immediately. “The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks... Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners, in the public and private sectors, to assess their exposure to this compromise and to secure their networks against any exploitation,” a CISA spokesman said.

This is the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015. All agencies operating SolarWinds products should provide a completion report to CISA by 12pm Eastern Standard Time on Monday December 14, 2020.  

The statement came as the US intelligence community is urgently investigating breaches at several government agencies. 

The breach, which is currently believed to be the work of Russian state-sponsored hackers, is similar to the recent attack on leading cyber security firm FireEye, which said it had fallen victim to a recent hack. FireEye now says it has found many other victims, including government, consulting, technology, telecom and extractive entities in the US, EU, Europe, Asia and the Middle East.

FireEye disclosed that sophisticated attackers had breached its internal systems and targeted the data of its government customers, though there was no evidence that any government information was stolen. However, the hackers did loot tools that could be used in attacks against other organisations.

FireEye said it believed the hacking campaign “may have begun as early as spring 2020 and is currently ongoing” after hackers managed to insert malware into SolarWinds software updates.
