How Russian hackers infiltrated the federal authorities

According to reports, hackers associated with the Russian government succeeded in breaching multiple US government agencies in what could be, or perhaps already is, the biggest hack of government systems since the Obama administration.

Malware inserted into third-party software may have given the hackers access to various government systems for months. It went undetected until last week, when a cybersecurity company that itself makes hacking tools discovered that its own systems had been breached.

Security agencies are still assessing exactly which departments have been breached and what information has been accessed. So far, the Department of Commerce has confirmed that it was hacked, and the Treasury and State Departments, the Department of Homeland Security, parts of the Pentagon and the National Institutes of Health are believed to have been affected. There will probably be more.

According to anonymous officials, the hackers are a Russian group called Cozy Bear, also known as APT29. The same group was responsible for the hack of the Democratic National Committee and Hillary Clinton’s campaign staff during the 2016 campaign, as well as the 2014 hack of the White House and State Department unclassified networks. Cozy Bear is also believed to be behind recent attacks on various organizations developing Covid-19 vaccines. The group is linked to Russian intelligence, although Russia has denied any involvement, a position it continues to maintain.

“Malicious activity in the information space contradicts the principles of Russian foreign policy, national interests and our understanding of international relations,” the Russian embassy said in a statement. “Russia is not conducting offensive cyber operations.”

The Trump administration was initially reluctant to say much officially about the hack or to blame a particular country. Secretary of State Mike Pompeo told Breitbart News Radio on Monday that Russia may be behind it, but that China or North Korea might be as well.

Democrats had more to say. Illinois Senator Dick Durbin called it “virtually a declaration of war by Russia on the United States,” while Senator Richard Blumenthal (D-CT) said the classified briefing he received about “Russia’s cyber attack” left him “deeply alarmed, in fact downright scared.”

Senator Mitt Romney (R-UT) came forward Thursday to compare the attack to “Russian bombers … repeatedly flying undetected across our country.” He criticized America’s “obviously inadequate” cybersecurity defenses and the president’s “inexcusable silence and inaction” in response.

After the senators’ statements, Pompeo had become more definite by the end of the week.

“We can say pretty clearly that it was the Russians who took part in this activity,” he said in an interview on Friday.

President Donald Trump, however, appeared to have received different information from everyone else. In his first comments on the hack, almost a week after it was first reported, Trump tweeted that the press had overblown it and that it was “under control,” added that China “may” be behind it, and suggested the hack might be connected to voting machines in the election he still falsely insists he won.

But Trump’s former Homeland Security adviser Thomas Bossert said in a statement to the New York Times that “the scale of this ongoing attack is difficult to exaggerate” and that it would take years to understand how widespread and harmful it was.

The hacks are believed to have started last March via network monitoring software called the Orion Platform, made by SolarWinds, a Texas-based company. According to SolarWinds, the company has more than 300,000 customers worldwide, including the US military, the Pentagon, the Department of Justice, the State Department, the Commerce and Treasury Departments, and more than 400 Fortune 500 companies (the web page carrying this list was showing an error message as of Monday afternoon).

But not all of these customers used the Orion Platform. According to the Washington Post, SolarWinds says fewer than 18,000 customers are potentially affected. The hackers were somehow able to inject malware into Orion software updates, and that malware gave them access to the customers’ systems once the updates were installed.

FireEye, a cybersecurity company that was itself a victim of the SolarWinds hack, has named this malware “SUNBURST.” (Microsoft calls it “Solorigate.”) FireEye announced last week that it had been attacked “by a nation with top-tier offensive capabilities” and was reportedly the first to detect the hack, rather than the government agencies charged with protecting the country’s cybersecurity infrastructure.

SolarWinds has since released software updates that remove the compromised code and “apologizes for any inconvenience.”

The Commerce Department was one of the first to confirm a breach of one of its agencies, but it did not specify which one had been hit. Citing anonymous sources, Reuters reported that the National Telecommunications and Information Administration was the affected agency and that the hackers had had access to employee emails for months. The Department of Energy also said it found malware on its business networks, but that the malware did not affect the department’s mission-“essential national security functions.”

The Treasury, State and Agriculture Departments, the Department of Homeland Security, and the National Institutes of Health are believed to be affected as well, but none has officially confirmed it. How extensive the hacks were, or which systems in those departments were affected, has not been disclosed either.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on December 13 ordering civilian federal agencies to immediately disconnect the affected products from their networks.

“The NSC is working closely with CISA, FBI, the intelligence community, and affected departments and agencies to coordinate the rapid and effective restoration of the entire government and response to the recent compromise,” John Ullyot, spokesman for the National Security Council, said in a statement.

Unlike the current president, President-elect Joe Biden responded quickly and forcefully to news of the hack.

“My administration will make cybersecurity a top priority at every level of government – and we will make dealing with this breach a top priority from the moment we take office,” Biden said in a statement on Thursday. “We need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place. We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners. Our adversaries should know that, as President, I will not stand idly by in the face of cyber assaults on our nation.”

Open Sourced is made possible by Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.
