Russian Hackers Have Stolen US Secrets

Uploaded on 2020-12-18 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

Some of The United States most deeply held secrets may have been stolen by Russian government hackers in a heavy multi-pronged attack which began with a breach at the Solar Winds IT vendor and swiftly extended to leading cyber security firm FireEye, who found that the software tools they use to protect major customers in the US government and major corporations had been weaponised and used to attack their customers. 

The US Cyber Infrastructure Security Agency (CIA) issued an emergency warning as events unfolded rapidly early this week. In the absence of any detailed information from official sources there is considerable debate about what might have been taken.

Could the hackers have obtained nuclear secrets or COVID-19 vaccine data or even Blueprints for next-generation weapons systems? 

It will take a long time to get the answers about what exactly has been taken and how this happened. The hackers are sophisticated and area able to hide their tracks and so some of the crime might not be exposed.  Cyber security experts say that the attack displays the tactics and techniques of Russia’s SVR foreign intelligence agency and a number of US government departments. including the Treasury and Commerce departments, were known to have been hacked via a commercial software update distributed to thousands of companies and government agencies worldwide.

 A Pentagon statement suggested it also used the software, saying that it had “issued guidance and directives to protect” its networks. It would not say, for “operational security reasons”, whether any of its systems may have been hacked. 

Hackers infiltrated US government agencies by infiltrating a malicious code on commercial network management software from SolarWinds, a leading network software and IT services company in March. This  campaign was discovered by the cyber security company FireEye when it found it had been hacked which it immediately disclosed when it alerted the FBI and other federal agencies on December 8th. 

A noted cyber security expert Thomas Rid, Professor in the Department of War Studies at King’s College London said the campaign’s can be compared to Russia’s three-year 1990s, Moonlight Maze hacking of US government targets, including NASA and the Pentagon. 

The US government has not said which agencies were hacked and no private-sector victims have made themselves know to date, although defence contractors and telecommunications companies have been popular targets with state-backed cyber spies. ​Like intelligence agents, nation-state hackers generally focus on the latest on weapons technologies and missile defense systems vital to national security. 

It is understood that the hackers carefully exfiltrated data, often encrypting it so it wasn’t clear what was being taken, and expertly covering their tracks.

President Trump’s national security adviser, Robert O’Brien convened a top-level interagency meeting later this week and the White House has said a coordinating team had been created to respond, including the FBI, the Department of Homeland Security (DHS) and the Office of the Director of National Intelligence. At a briefing for congressional staff  the DHS did not say how many agencies were hacked and the Trump administration has released very little information.

Critics have long complained that the Trump administration has failed to address cybersecurity threats, including a wave of ransomware attacks that have hobbled state and local governments and hospitals. “It’s been a frustrating time, the last four years. I mean, nothing has happened seriously at all in cybersecurity,” said Brandon Valeriano, an expert adviser to the Cyber Solarium Commission, which was created by Congress to fortify the nation’s cyber defenses. 

A senior FireEye executive Charles Carmakal said that the company was aware of “dozens of incredibly high-value targets” infiltrated by the hackers and was helping “a number of organisations respond to their intrusions.” He did not name any, saying only that he expected many more to learn that they have been compromised. 

Carmakal also said that the hackers would have activated remote-access back doors only on targets sure to have prized data. It is manual, demanding work and moving networks around risks detection.

The SolarWinds campaign highlights the lack of mandatory minimum-security rules for commercial software used on federal computer networks. Zoom video conferencing software is another example. It was approved for use on federal computer networks last year, yet security experts found it was being exploitable by hackers, after federal workers sent home by the pandemic began using it.

It also the need for a National Cyber Director at the White House, a position subject to Senate confirmation. Congress approved such a position in a recently passed defense bill. 

Reuters:     Washington Times:        Security Week:       Independent:     

You Might Also Read:

Russian Turla Hackers Specialise In Attacking  Government Agencies:

 

« Business Cyber Security Spending In 2021
The End Of The American Cyber Empire »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NextLabs

NextLabs

NextLabs provides data-centric security software to protect business-critical data and applications.

Axence

Axence

Axence provides professional solutions for the comprehensive management of IT infrastructure for companies and institutions all over the world.

PBOSecure

PBOSecure

PBOSecure is a dynamic and progressive IT consultancy company specializing in IT and Industrial Control System (ICS) security.

Techfusion

Techfusion

Techfusion is a cyber security research and consulting firm focusing on digital forensics and data recovery.

Data Privacy Office (DPO) - Belarus

Data Privacy Office (DPO) - Belarus

Data Privacy Office is a company that specializes in privacy and personal data protection, following the highest standards in its sector.

Ministry of Information and Communications (MIC) - Vietnam

Ministry of Information and Communications (MIC) - Vietnam

The Ministry of Information & Communications of Vietnam is the policy making and regulatory body in the field of information technology and national information and and communication infrastructure.

StateRAMP

StateRAMP

StateRAMP reduces risk from unsecure cloud solutions and protects data by providing State and local governments a standardized approach for verifying and monitoring security postures.

Tetra Defense

Tetra Defense

Tetra Defense is a leading incident response, cyber risk management and digital forensics firm.

r00tz Asylum

r00tz Asylum

r00tz Asylum is a nonprofit dedicated to teaching kids around the world how to love being white-hat hackers.

Legit Security

Legit Security

Legit Security's mission is to secure every organization's software factory by protecting the pipelines, infrastructure, code and people for faster and more secure software releases.

e-Xpert Solutions

e-Xpert Solutions

e-Xpert Solutions is a company specialized in the Information Security field since 2001. Our skills are strong technical expertise and the development of tailor-made solutions.

Sec3

Sec3

Sec3 is a security and research firm providing bespoke audits and cutting edge tools to Web3 projects.

Cybervergent

Cybervergent

Cybervergent (formerly Infoprive) are a leading cybersecurity technology company in Africa. We provide cybersecurity guidance and solutions that help protect your business.

Lithuanian Cyber Command (LTCYBERCOM)

Lithuanian Cyber Command (LTCYBERCOM)

The Lithuanian Cyber Command is responsible for planning and execution of operations in cyberspace and installation of strategic and operational communications and information systems.

Deimos

Deimos

Deimos is a technology, cloud, hybrid and multi-cloud focused, professional services company. Our expertise and focus is on cloud native Developer and Security Operations.

Faddom

Faddom

Faddom is an agentless tool that visualizes your on-premises and cloud infrastructure, as well as their inter-dependencies.