Major Cyber Attack On US Government Agencies Blamed On Russia

Uploaded on 2020-12-24 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW, INTELLIGENCE--USA, TECHNOLOGY--Hackers

The US government has been hit by a sophisticated hacking campaign that has affected top federal agencies and now US Secretary of State Mike Pompeo has blamed Russia for what is being described as the worst-ever cyber espionage attack on the US government. "We can say pretty clearly that it was the Russians that engaged in this activity," Mr Pompeo said in a statement.

This is in contrast to President Trump, who has downplayed the attack's severity, saying it was "under control” and cast doubt on Russia's role, hinting at Chinese involvement.

For more than three decades, hackers linked to Moscow are believed to have tried to steal US secrets online. The latest cyber attacks included the Treasury, the Energy department and Commerce departments,alo apparently also targeted the agency responsible for the country’s nuclear weapons. The Energy Department and National Nuclear Security Administration, which maintains the US nuclear weapons stockpile, have evidence that hackers accessed their networks as part of an extensive espionage operation, according to reports.

US authorities have expressed increasing alarm over the hack, widely suspected to be the work of Russia, warning that it poses “a grave risk” to federal, state and local governments, as well as “critical infrastructure entities”.

Hackers working for the Kremlin are believed to be behind breaches of US government computer systems at the departments of Treasury, Commerce and Homeland Security that may have lasted months before they were discovered,  Now there are concerns that cyber attacks may have penetrated other government departments as well as many leading private companies.

In a statement, the US Cybersecurity and Infrastructure Security Agency (CISA) said government agencies, critical infrastructure entities and private sector organisations had been targeted by what it called an "advanced persistent threat actor", beginning in at least March 2020. The actor behind the hacks "demonstrated patience, operational security, and complex tradecraft in these intrusions", it said.

CISA has not identified who they think was behind the attack, which agencies and organisations had been breached, or what information has been stolen or exposed.

Meanwhile, US President-elect Joe Biden has said he would make cyber security a "top priority" of his administration. "We need to disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place... We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners."

Not only US government agencies but leading private sector businesses are reported to have been attacked in the hacking campaign, which has been described as "significant and ongoing."

Microsoft says it has identified more than 40 of its customers who were targeted in the cyber-attack, including government agencies, think tanks, non-governmental organisations and IT companies and it is understood that  80% of these are located  in the US, while others were in Canada, Mexico, Belgium, Spain, the UK, Israel and the UAE.

CISA said the perpetrators managed to breach computer networks using network management software made by the Texas-based IT company SolarWinds and it is understood that as many as 18,000 SolarWinds Orion customers downloaded updates containing a back door that let hackers in. All US federal civilian agencies have been told to remove SolarWinds from their servers earlier this week as a result of the hack.

CISA has detailed what the agency currently knows about the attack. The alert calls out at least one other attack vector beyond SolarWinds products and identifies IT and security personnel as prime targets of the hacking campaign. CISA is investigating incidents that exhibit adversary known operating methods and fingerprints consistent with this activity, including some where victims either do not leverage SolarWinds Orion or where SolarWinds Orion was present but where there was no SolarWinds exploitation activity observed. 

In its statement, CISA said it was investigating "evidence of additional access vectors, other than the SolarWinds Orion platform... CISA is aware of compromises of US government agencies, critical infrastructure entities, and private sector organisations by an advanced persistent threat (APT) actor beginning in at least March 2020.... This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organisations”.

Neither CISA or the FBI have said who they believe to be behind the attacks, but private security companies and officials quoted in US media have pointed the finger at Russia, now confirmed by Secretary of State Pompeo. In a statement shared on social media, the Russian embassy in the US said it "does not conduct offensive operations in the cyber domain".

US-CERT:        Politico:         BBC:       BBC:     BBC:          Geekwire:        Guardian:   NPR:       Defense One

You Might Also Read:

The End Of The American Cyber Empire:

 

« You Should Prepare Your Organization For A DDoS Attack
Is This The Hack Of The Decade? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

GFI Software

GFI Software

GFI Software works with System Administrators, IT Professionals and IT Executives to ensure that their IT infrastructures are monitored, managed, secured and compliant.

IPVanish

IPVanish

IPVanish has its roots in over 15 years of network management, IP services, and content delivery services. Now we're bringing these finely honed skills to VPN.

National Cyber Security Centre (NCSC) - Norway

National Cyber Security Centre (NCSC) - Norway

NCSC is part of the Norwegian Security Authority, and is Norway's national cyber security hub and the national CERT.

FAMOC

FAMOC

FAMOC is an enterprise mobile management solution that delivers comprehensive security and management for applications, documents, email, and mobile devices.

Logscape

Logscape

Logscape provides a big data analytical tool for log file analysis and operational analytics.

Centre for Development of Advanced Computing (C-DAC)

Centre for Development of Advanced Computing (C-DAC)

C-DAC is the premier R&D organization of the indian Ministry of Electronics & Information Technology. Areas of research include cyber security.

CyberDef

CyberDef

CyberDef is a consulting company specialising in cyber defence services for small and medium enterprises.

Securicon

Securicon

Securicon provides expert consulting for application, system and network security.

CyberSeek

CyberSeek

CyberSeek provides detailed, actionable data about supply and demand in the cybersecurity job market.

AAROH

AAROH

AAROH helps customers in Government, Law Enforcement, and Enterprises to identify, prevent, detect, resolve and protect from threats, crimes, breaches & fraud.

Learn How To Become

Learn How To Become

At LearnHowToBecome.org, our mission is to help any job-seeker understand what it takes to build and develop a career. We cover many specialist areas including cybersecurity.

Department of Justice & Equality - Cybercrime Division

Department of Justice & Equality - Cybercrime Division

The Cybercrime division is responsible for developing policy in relation to the criminal activity and coordinating a range of different cyber initiatives at national and international level.

Cyber Resilience

Cyber Resilience

Cyber Resilience offer an intensive program designed to help you create strategies to quickly become cyber resilient and to manage cyber risks in a measurable and predictable way.

Connectria

Connectria

Connectria provides cloud hosting, remote monitoring, and compliant cloud security solutions and services to enterprises, medium and small businesses.

SecureClaw

SecureClaw

SecureClaw offers specialized cybersecurity consultation, various products, and a range of services to meet your company's business domain needs.

Cybermindz

Cybermindz

Many cyber security professionals are under sustained and increasing stress. We set about providing direct support to restore and rebuild emotional and cognitive health.