US Government Agencies Under Attack

Hackers broke into the networks of federal agencies including the Treasury and Commerce departments in attacks revealed only a few days after US officials warned that cyber actors linked to the Russian government were exploiting vulnerabilities to target sensitive data. 

The FBI and the Department of Homeland Security's cybersecurity arm are investigating what experts say appeared to be a large-scale penetration of US government agencies.

The US has been issued with an emergency warning that nation-state hackers have weaponised software used by almost all Fortune 500 companies, many federal agencies and a lot of other companies.

US government agencies have been hacked by attackers that used a flaw in updated software. The attack was on SolarWinds systems, which have been hacked, the company has revealed. These systems are the ones used by government within the Treasury and Commerce Departments. SolarWinds said that system monitoring products it released earlier this year may have been surreptitiously tampered with in a “highly-sophisticated, targeted and manual supply chain attack by a nation state.”

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Emergency Directive in response to SolarWinds Orion products that are currently being hacked by malicious actors.

This Emergency Directive now calls on all federal civilian agencies to review their cyber networks for any effects of hacks and to disconnect or power down SolarWinds Orion products immediately. “The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks... Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners, in the public and private sectors, to assess their exposure to this compromise and to secure their networks against any exploitation,” a CISA spokesman said.

This is the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015. All agencies operating SolarWinds products should provide a completion report to CISA by 12pm Eastern Standard Time on Monday December 14, 2020.  

The statement came as the US intelligence community is urgently investigating breaches at several government agencies. 

The breach, which is currently believed to be the work of Russian state-sponsored hackers, is similar to the recent attack on leading cyber security firm FireEye, which said it had fallen victim to a recent hack. FireEye now says it has found many other victims including government, consulting, technology, telecom and extractive entities in the US, EU, Europe, Asia and the Middle East.

FireEye disclosed that sophisticated attackers had breached its internal systems and targeted the data of its government customers. There was no evidence that any government information was stolen; however, the hackers did loot tools that could be used in attacks against other organisations.

FireEye said it believed the hacking campaign “may have begun as early as spring 2020 and is currently ongoing” after hackers managed to insert malware into SolarWinds software updates.

Sources: SolarWinds, CISA, Reuters, Bloomberg, USNews, ABC7
