Major Cyber Attack On US Government Agencies Blamed On Russia

Uploaded on 2020-12-24 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW, INTELLIGENCE--USA, TECHNOLOGY--Hackers

The US government has been hit by a sophisticated hacking campaign that has affected top federal agencies and now US Secretary of State Mike Pompeo has blamed Russia for what is being described as the worst-ever cyber espionage attack on the US government. "We can say pretty clearly that it was the Russians that engaged in this activity," Mr Pompeo said in a statement.

This is in contrast to President Trump, who has downplayed the attack's severity, saying it was "under control” and cast doubt on Russia's role, hinting at Chinese involvement.

For more than three decades, hackers linked to Moscow are believed to have tried to steal US secrets online. The latest cyber attacks included the Treasury, the Energy department and Commerce departments,alo apparently also targeted the agency responsible for the country’s nuclear weapons. The Energy Department and National Nuclear Security Administration, which maintains the US nuclear weapons stockpile, have evidence that hackers accessed their networks as part of an extensive espionage operation, according to reports.

US authorities have expressed increasing alarm over the hack, widely suspected to be the work of Russia, warning that it poses “a grave risk” to federal, state and local governments, as well as “critical infrastructure entities”.

Hackers working for the Kremlin are believed to be behind breaches of US government computer systems at the departments of Treasury, Commerce and Homeland Security that may have lasted months before they were discovered,  Now there are concerns that cyber attacks may have penetrated other government departments as well as many leading private companies.

In a statement, the US Cybersecurity and Infrastructure Security Agency (CISA) said government agencies, critical infrastructure entities and private sector organisations had been targeted by what it called an "advanced persistent threat actor", beginning in at least March 2020. The actor behind the hacks "demonstrated patience, operational security, and complex tradecraft in these intrusions", it said.

CISA has not identified who they think was behind the attack, which agencies and organisations had been breached, or what information has been stolen or exposed.

Meanwhile, US President-elect Joe Biden has said he would make cyber security a "top priority" of his administration. "We need to disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place... We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners."

Not only US government agencies but leading private sector businesses are reported to have been attacked in the hacking campaign, which has been described as "significant and ongoing."

Microsoft says it has identified more than 40 of its customers who were targeted in the cyber-attack, including government agencies, think tanks, non-governmental organisations and IT companies and it is understood that  80% of these are located  in the US, while others were in Canada, Mexico, Belgium, Spain, the UK, Israel and the UAE.

CISA said the perpetrators managed to breach computer networks using network management software made by the Texas-based IT company SolarWinds and it is understood that as many as 18,000 SolarWinds Orion customers downloaded updates containing a back door that let hackers in. All US federal civilian agencies have been told to remove SolarWinds from their servers earlier this week as a result of the hack.

CISA has detailed what the agency currently knows about the attack. The alert calls out at least one other attack vector beyond SolarWinds products and identifies IT and security personnel as prime targets of the hacking campaign. CISA is investigating incidents that exhibit adversary known operating methods and fingerprints consistent with this activity, including some where victims either do not leverage SolarWinds Orion or where SolarWinds Orion was present but where there was no SolarWinds exploitation activity observed. 

In its statement, CISA said it was investigating "evidence of additional access vectors, other than the SolarWinds Orion platform... CISA is aware of compromises of US government agencies, critical infrastructure entities, and private sector organisations by an advanced persistent threat (APT) actor beginning in at least March 2020.... This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organisations”.

Neither CISA or the FBI have said who they believe to be behind the attacks, but private security companies and officials quoted in US media have pointed the finger at Russia, now confirmed by Secretary of State Pompeo. In a statement shared on social media, the Russian embassy in the US said it "does not conduct offensive operations in the cyber domain".

US-CERT:        Politico:         BBC:       BBC:     BBC:          Geekwire:        Guardian:   NPR:       Defense One

You Might Also Read:

The End Of The American Cyber Empire:

 

« You Should Prepare Your Organization For A DDoS Attack
Is This The Hack Of The Decade? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Recruiters

Cyber Security Recruiters

Cyber Security Recruiters is a niche recruiting firm who finds impact players for our clients in the Information Security Space.

European Network for Cyber Security (ENCS)

European Network for Cyber Security (ENCS)

ENCS’s core focus is around educating and solving cyber security challenges in the development and operation of energy grids across Europe.

ActiveCyber

ActiveCyber

ActiveCyber is a source for news, reviews, learning, and technological innovation in the active cyber defense industry.

Cybrary

Cybrary

Cybrary is an open-source cyber security and IT learning and certification preparation platform.

Innovative Solutions (IS)

Innovative Solutions (IS)

Innovative Solutions is a specialized professional services company delivering Information Security products and solutions for Saudi Arabia and the Gulf region.

Red Sift

Red Sift

Red Sift is the only integrated cloud email and brand protection platform, supporting organizations to secure their communications.

Checksum Consultancy

Checksum Consultancy

Checksum Consultancy specializes in Information security, Risk management, and IT governance.

ENLIGHTENi

ENLIGHTENi

ENLIGHTENi are the platform to develop next-gen talent in Technology, Risk, and Cybersecurity. Our mission is to develop next-gen talent through challenge-based learning and team collaboration.

Department of Justice - Computer Crime and Intellectual Property Section (CCIPS)

Department of Justice - Computer Crime and Intellectual Property Section (CCIPS)

The Computer Crime and Intellectual Property Section (CCIPS) is responsible for implementing the Department's national strategies in combating computer and intellectual property crimes worldwide.

SynerLeap

SynerLeap

SynerLeap is ABB's innovation growth hub. Our aim is to help startups accelerate and expand across industries, ranging from industrial automation and robotics to grid technologies and smart cities.

Cybriant

Cybriant

Cybriant Strategic Security Services provide a framework for architecting, constructing, and maintaining a secure business with policy and performance alignment.

Hex-Rays

Hex-Rays

Founded in 2005, privately held, Belgium based, Hex-Rays SA focuses on the development of fast, stable, and robust binary analysis tools for the IT security market.

Telefonica Global Solutions (TGS)

Telefonica Global Solutions (TGS)

Telefonica Global Solutions is the technological partner of wholesalers and enterprises, helping them to achieve the digitalization they need.

Altospam

Altospam

Altospam is a full service corporate email protection, integrating multiple security levels for your emails.

Veza Technologies

Veza Technologies

Veza is the authorization platform for data. Built for hybrid, multi-cloud environments, Veza enables organizations to manage and control who can and should take what action on what data.

Strobes Security

Strobes Security

Strobes is among the world’s first cybersecurity platforms specifically designed for end-to-end continuous threat exposure management.