Cyber Attacks On US Government - New Evidence

Uploaded on 2021-01-04 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

The wide ranging and successful cyber attacks on US government agencies and numerous private companies, including Microsoft, widely believed to have been undertaken by state-sponsored Russian hackers which was  first reported in December 2020, may in fact have begun much earlier. 

US investigators originally thought that the attacks on government agencies and private industry targets began in March or April 2020, including breaches of Treasury, State, Commerce and Energy Departments. The Treasury and Commerce departments were both confirmed as having been affected and others may have been breached. 

The hack, which may still be ongoing, appears to have begun as long ago as October 2019, when hackers first breached the Texas software company SolarWinds, which provides technology monitoring services to government agencies and 425 of the Fortune 500 companies. The hacking campaign entered US government and private systems by surreptitiously tampering  with and inserting malware into  updates released by SolarWinds. 

The attacks work by hiding malicious code in the body of legitimate software updates that are provided to the hacking targets by third parties. That malicious code gave the highly professional hackers remote access to an organization’s networks so they could steal information. State-backed Russian hackers were identified as the suspects, although Russia has firmly denied any involvement.

Microsoft said that the hackers were unable to get into emails or its products and services and that they were not able to modify the company's vital  source code which they were able to view, Microsoft did not say how long hackers were inside its networks and initially denied that it was breached in the attack.

Hackers gained entry into networks by getting more than 18,000 private and government users to download a tainted software update. Once inside, they were able to monitor internal emails at some of the top agencies in the US. “We still don’t have for the private sector, or for that matter the public sector, any mandatory reporting” on major hacking incidents, said senator Mark  Warner, Vice-Chair of the Senate Intelligence Committee  said. “The amount of time it’s taking to assess the (latest) attack, it is taking longer than we would like to take,” he added. Warner also said the lack of US laws and policy to counter such major hacks is the product of a “lack of policy" that precedes the Trump administration. 

The massive data breach, revealed in the final weeks of Trump's administration is a dramatic finale for the Trump Presidency which has been accused of excessive deference to Russia and unsuccessful attempts to warm relations with President, Vladimir Putin. "There has been obviously a reluctance out of this White House to call out Russia repeatedly.... I don’t believe that is a problem of the intelligence community. I think that is a problem of the White House" Senator Warner told reporters.

This large scale and sophisticated operation is perhaps the biggest known cyber attack against against US federal government networks in years. 

New York Times:      CNN:      Yahoo:        Guardian:          Reuters:

You Might Also Read:

Is This The Hack Of The Decade?:

 

« Cyber Security In 2021 - Predictions & Trends
Six Big Features Of Cyber Security In 2021 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Swivel Secure

Swivel Secure

Swivel Secure is an award winning provider of multi-factor authentication solutions.

Thermo Systems

Thermo Systems

Thermo Systems is a design-build control systems engineering and construction firm. Capabilties include industrial control system cybersecurity.

SGCyberSecurity

SGCyberSecurity

SGCyberSecurity is Singapore's No.1 Cyber Security portal. From this platform, you will be able to find useful articles, resources and connect with the security companies for your business needs.

Crypta Labs

Crypta Labs

Crypta Labs is an Award Winning IOT Security startup that is developing a quantum-based encryption chip to secure the Internet of Things.

SEC Consult

SEC Consult

SEC Consult is a leading European consultancy for application security services and information security.

Viscount Systems

Viscount Systems

Viscount Systems is a global security software solutions company that is changing the way access control is deployed and managed in the enterprise.

PROOF

PROOF

PROOF is a Brazilian leader in cybersecurity. Our goal is to assist our Customers in managing security efficiently and in tune with business needs.

IFE Digital Systems

IFE Digital Systems

IFE Digital Systems conducts research, development and consultancy in risk, safety and security related to digital systems in critical infrastructure.

101 Blockchains

101 Blockchains

101 Blockchains is a professional and trusted provider of enterprise blockchain research and training.

Quantum Security

Quantum Security

Quantum's game-changing approach to cybersecurity brings you performance and peace-of-mind, with a raft of additional benefits: it's non-proprietary, comprehensive, scalable, and affordable.

Gotham Digital Science (GDS)

Gotham Digital Science (GDS)

Gotham Digital Science is an international security services company specializing in Application and Network Infrastructure security, and Information Security Risk Management.

Support Link Technologies (SLT)

Support Link Technologies (SLT)

Support Link Technologies are an IT Solutions Company committed to achieving customer satisfaction through excellent customer service.

Cloudsec Asia

Cloudsec Asia

Cloudsec Asia is Thailand's top-ranked cybersecurity consultant company. We offers security services to ensure that all your IT assets are reliable, accessible, and secure.

NSW IT Support

NSW IT Support

NSW IT Support: Your exclusive hub for comprehensive Business IT services in Sydney. Our skilled team ensures seamless technology solutions nationwide, consistently delivering top-tier IT support.

HP Wolf Security

HP Wolf Security

HP Wolf Security protects your organization and devices from cyberattacks no matter where, when or how you work.

Silobreaker

Silobreaker

Silobreaker is a SaaS platform that enables threat intelligence teams to produce high-quality and relevant intelligence at a faster pace.