Major Cyber Attack On US Government Agencies Blamed On Russia

Uploaded on 2020-12-24 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW, INTELLIGENCE--USA, TECHNOLOGY--Hackers

The US government has been hit by a sophisticated hacking campaign that has affected top federal agencies and now US Secretary of State Mike Pompeo has blamed Russia for what is being described as the worst-ever cyber espionage attack on the US government. "We can say pretty clearly that it was the Russians that engaged in this activity," Mr Pompeo said in a statement.

This is in contrast to President Trump, who has downplayed the attack's severity, saying it was "under control” and cast doubt on Russia's role, hinting at Chinese involvement.

For more than three decades, hackers linked to Moscow are believed to have tried to steal US secrets online. The latest cyber attacks included the Treasury, the Energy department and Commerce departments,alo apparently also targeted the agency responsible for the country’s nuclear weapons. The Energy Department and National Nuclear Security Administration, which maintains the US nuclear weapons stockpile, have evidence that hackers accessed their networks as part of an extensive espionage operation, according to reports.

US authorities have expressed increasing alarm over the hack, widely suspected to be the work of Russia, warning that it poses “a grave risk” to federal, state and local governments, as well as “critical infrastructure entities”.

Hackers working for the Kremlin are believed to be behind breaches of US government computer systems at the departments of Treasury, Commerce and Homeland Security that may have lasted months before they were discovered,  Now there are concerns that cyber attacks may have penetrated other government departments as well as many leading private companies.

In a statement, the US Cybersecurity and Infrastructure Security Agency (CISA) said government agencies, critical infrastructure entities and private sector organisations had been targeted by what it called an "advanced persistent threat actor", beginning in at least March 2020. The actor behind the hacks "demonstrated patience, operational security, and complex tradecraft in these intrusions", it said.

CISA has not identified who they think was behind the attack, which agencies and organisations had been breached, or what information has been stolen or exposed.

Meanwhile, US President-elect Joe Biden has said he would make cyber security a "top priority" of his administration. "We need to disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place... We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners."

Not only US government agencies but leading private sector businesses are reported to have been attacked in the hacking campaign, which has been described as "significant and ongoing."

Microsoft says it has identified more than 40 of its customers who were targeted in the cyber-attack, including government agencies, think tanks, non-governmental organisations and IT companies and it is understood that  80% of these are located  in the US, while others were in Canada, Mexico, Belgium, Spain, the UK, Israel and the UAE.

CISA said the perpetrators managed to breach computer networks using network management software made by the Texas-based IT company SolarWinds and it is understood that as many as 18,000 SolarWinds Orion customers downloaded updates containing a back door that let hackers in. All US federal civilian agencies have been told to remove SolarWinds from their servers earlier this week as a result of the hack.

CISA has detailed what the agency currently knows about the attack. The alert calls out at least one other attack vector beyond SolarWinds products and identifies IT and security personnel as prime targets of the hacking campaign. CISA is investigating incidents that exhibit adversary known operating methods and fingerprints consistent with this activity, including some where victims either do not leverage SolarWinds Orion or where SolarWinds Orion was present but where there was no SolarWinds exploitation activity observed. 

In its statement, CISA said it was investigating "evidence of additional access vectors, other than the SolarWinds Orion platform... CISA is aware of compromises of US government agencies, critical infrastructure entities, and private sector organisations by an advanced persistent threat (APT) actor beginning in at least March 2020.... This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organisations”.

Neither CISA or the FBI have said who they believe to be behind the attacks, but private security companies and officials quoted in US media have pointed the finger at Russia, now confirmed by Secretary of State Pompeo. In a statement shared on social media, the Russian embassy in the US said it "does not conduct offensive operations in the cyber domain".

US-CERT:        Politico:         BBC:       BBC:     BBC:          Geekwire:        Guardian:   NPR:       Defense One

You Might Also Read:

The End Of The American Cyber Empire:

 

« You Should Prepare Your Organization For A DDoS Attack
Is This The Hack Of The Decade? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Internet Security Alliance (ISA)

Internet Security Alliance (ISA)

ISA is an international trade association providing thought leadership in advancing a sustainable system of cyber security.

LogicManager

LogicManager

LogicManager offer a complete set of IT governance, risk and compliance software solutions and advisory services.

RIPS Technologies

RIPS Technologies

RIPS Technologies delivers automated security analysis for PHP applications as platform independent software or highly scalable cloud service.

ES2

ES2

ES2 is a consulting organisation specialising in Enterprise Security and Solutions Services.

Flipside

Flipside

Information Security training provider specialized in personalized training and security awareness campaigns.

Cyber Security & Cloud Expo

Cyber Security & Cloud Expo

The Cyber Security & Cloud Expo is an international event series in London, Amsterdam and Silicon Valley.

Blockchain Research Institute (BRI)

Blockchain Research Institute (BRI)

Blockchain Research Institute (BRI) is an independent, global think-tank. We bring together the world’s top global researchers to undertake ground-breaking research on blockchain technology.

WidePoint

WidePoint

WidePoint Corporation is an innovative provider of Trusted Mobility Management (TM2) solutions.

Vumetric Cybersecurity

Vumetric Cybersecurity

Vumetric is an ISO9001 certified company offering penetration testing, IT security audits and specialized cybersecurity services.

Control System Cyber Security Association International (CS2AI)

Control System Cyber Security Association International (CS2AI)

CS2AI is the premier global not for profit workforce development organization supporting professionals of all levels charged with securing control systems.

PacketViper

PacketViper

PacketViper’s Deception360 actively defends networks with deception-based threat detection and automated response to both external and internal cyber threats.

GreenPages Technology Solutions

GreenPages Technology Solutions

GreenPages provide expert strategic guidance and proven cloud-era solutions for our clients. Every day we help organizations leverage the cloud securely with less risk and cost.

AHAD

AHAD

AHAD provides cybersecurity, digital transformation, and risk management services and solutions to Government, Fortune 500, And Start-Up Companies in the Middle East region.

Snare

Snare

Snare is a comprehensive set of event monitoring and analysis tools designed to address critical auditing and security requirements.

Institute for Applied Network Security (IANS)

Institute for Applied Network Security (IANS)

For the security practitioner caught between rapidly evolving threats and demanding executives, IANS Research is a clear-headed resource for decision making and articulating risk.

Validia

Validia

Validia is a deepfake cybersecurity service that provides proactive and reactive defense to the deepfake threat enterprises increasingly face with the rapid growth of generative AI.