Russian Hackers Have Stolen US Secrets

Uploaded on 2020-12-18 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

Some of The United States most deeply held secrets may have been stolen by Russian government hackers in a heavy multi-pronged attack which began with a breach at the Solar Winds IT vendor and swiftly extended to leading cyber security firm FireEye, who found that the software tools they use to protect major customers in the US government and major corporations had been weaponised and used to attack their customers. 

The US Cyber Infrastructure Security Agency (CIA) issued an emergency warning as events unfolded rapidly early this week. In the absence of any detailed information from official sources there is considerable debate about what might have been taken.

Could the hackers have obtained nuclear secrets or COVID-19 vaccine data or even Blueprints for next-generation weapons systems? 

It will take a long time to get the answers about what exactly has been taken and how this happened. The hackers are sophisticated and area able to hide their tracks and so some of the crime might not be exposed.  Cyber security experts say that the attack displays the tactics and techniques of Russia’s SVR foreign intelligence agency and a number of US government departments. including the Treasury and Commerce departments, were known to have been hacked via a commercial software update distributed to thousands of companies and government agencies worldwide.

 A Pentagon statement suggested it also used the software, saying that it had “issued guidance and directives to protect” its networks. It would not say, for “operational security reasons”, whether any of its systems may have been hacked. 

Hackers infiltrated US government agencies by infiltrating a malicious code on commercial network management software from SolarWinds, a leading network software and IT services company in March. This  campaign was discovered by the cyber security company FireEye when it found it had been hacked which it immediately disclosed when it alerted the FBI and other federal agencies on December 8th. 

A noted cyber security expert Thomas Rid, Professor in the Department of War Studies at King’s College London said the campaign’s can be compared to Russia’s three-year 1990s, Moonlight Maze hacking of US government targets, including NASA and the Pentagon. 

The US government has not said which agencies were hacked and no private-sector victims have made themselves know to date, although defence contractors and telecommunications companies have been popular targets with state-backed cyber spies. ​Like intelligence agents, nation-state hackers generally focus on the latest on weapons technologies and missile defense systems vital to national security. 

It is understood that the hackers carefully exfiltrated data, often encrypting it so it wasn’t clear what was being taken, and expertly covering their tracks.

President Trump’s national security adviser, Robert O’Brien convened a top-level interagency meeting later this week and the White House has said a coordinating team had been created to respond, including the FBI, the Department of Homeland Security (DHS) and the Office of the Director of National Intelligence. At a briefing for congressional staff  the DHS did not say how many agencies were hacked and the Trump administration has released very little information.

Critics have long complained that the Trump administration has failed to address cybersecurity threats, including a wave of ransomware attacks that have hobbled state and local governments and hospitals. “It’s been a frustrating time, the last four years. I mean, nothing has happened seriously at all in cybersecurity,” said Brandon Valeriano, an expert adviser to the Cyber Solarium Commission, which was created by Congress to fortify the nation’s cyber defenses. 

A senior FireEye executive Charles Carmakal said that the company was aware of “dozens of incredibly high-value targets” infiltrated by the hackers and was helping “a number of organisations respond to their intrusions.” He did not name any, saying only that he expected many more to learn that they have been compromised. 

Carmakal also said that the hackers would have activated remote-access back doors only on targets sure to have prized data. It is manual, demanding work and moving networks around risks detection.

The SolarWinds campaign highlights the lack of mandatory minimum-security rules for commercial software used on federal computer networks. Zoom video conferencing software is another example. It was approved for use on federal computer networks last year, yet security experts found it was being exploitable by hackers, after federal workers sent home by the pandemic began using it.

It also the need for a National Cyber Director at the White House, a position subject to Senate confirmation. Congress approved such a position in a recently passed defense bill. 

Reuters:     Washington Times:        Security Week:       Independent:     

You Might Also Read:

Russian Turla Hackers Specialise In Attacking  Government Agencies:

 

« Business Cyber Security Spending In 2021
The End Of The American Cyber Empire »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Lutech

Lutech

Lutech is an Italian ICT engineering and services company. Business solution areas include cyber security.

ClickDatos

ClickDatos

ClickDatos specializes in consulting, auditing, data protection training, accredited by ISO/IEC 27001 certification.

Ethoca

Ethoca

Ethoca is a secure network for card issuers and merchants to connect and work cooperatively outside the payment network in a unique and powerful way.

CyRise

CyRise

CyRise is a venture accelerator focused squarely on early stage cyber security startups.

New Zealand Internet Task Force (NZITF)

New Zealand Internet Task Force (NZITF)

The New Zealand Internet Task Force (NZITF) is a non-profit with the mission of improving the cyber security posture of New Zealand.

GM Security Technologies

GM Security Technologies

GM Security Technologies provides leading managed security services of the highest quality to every type of individual and organization in Puerto Rico, Caribbean and Latin America.

CyCognito

CyCognito

CyCognito empowers companies to take full control over their attack surface by uncovering and eliminating the critical security risks they didn't even know existed.

ScienceSoft

ScienceSoft

ScienceSoft is a provider of software development and IT consulting services including Information Security.

SkyePoint Decisions

SkyePoint Decisions

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider.

ImpactQA

ImpactQA

ImpactQA is a global leading software testing & QA consulting company. Ten years of excellence. Delivering unmatched services & digital transformation to SMEs & Fortune 500 companies.

Inetum

Inetum

Inetum (formerly Gfi Informatique) is an agile IT services providing digital services and solutions, and a global group that helps companies and institutions to get the most out of digital flow.

RubinBrown

RubinBrown

RubinBrown LLP is a leading accounting and professional consulting firm. The RubinBrown name and reputation are synonymous with experience, integrity and value.

Oduma Solutions

Oduma Solutions

Oduma Solutions is a wholly owned Ghanaian Cybersecurity company that offers information security services to organisations seeking to improve their security posture.

CMIT Solutions

CMIT Solutions

CMIT Solutions is a recognized leader in Managed IT Services for businesses. We empower businesses like yours by providing innovative technology solutions, managed IT services and cybersecurity.

SPIE Switzerland

SPIE Switzerland

SPIE Switzerland AG, a subsidiary of the SPIE Group, is a Swiss full-service provider of ICT, multi-technical and integral facility services.

12Port

12Port

12Port network security solutions help companies tackle modern cybersecurity threats cost-effectively while implementing zero-trust architectures.