
US Officials Say Russian Hack Against US Government Puts it at “Grave Risk”

The hackers reportedly infected software updates issued by a company called SolarWinds, which is used by the government, Fortune 500 companies, as well as firms that handle critical infrastructure.

December 19, 2020
SOURCE: CNN

US federal officials have warned that the scale of a sophisticated cyber-attack on the US government which was reported this week is much bigger than first anticipated.

On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) within the US Department of Homeland Security (DHS) said that the scope of the hacking extended beyond nuclear laboratories and the Defence, Treasury, and Commerce Department systems, and that it included “state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.” The body further warned that the cyber offensive “poses a grave risk to the federal government”.

The widespread nature of the hacking campaign—which, reports suggest, began as early as March—is complicating federal investigations aimed at assessing the damage done and understanding what has been stolen. Microsoft Chief Brad Smith said in a blog post that the company had identified at least 40 firms, government agencies, and think tanks that were affected by the breach, of which nearly 50% were private tech companies and cybersecurity firms.

“It’s still early days, but we have already identified 40 victims — more than anyone else has stated so far — and believe that number should rise substantially,” Smith said in an interview on Thursday. “There are more nongovernmental victims than there are governmental victims, with a big focus on IT companies, especially in the security industry.”

The hackers reportedly infected software updates issued by a company called SolarWinds, which is used by the government, Fortune 500 companies, and those that handle critical infrastructure, including the power grid.

Although the US Department of Energy and its National Nuclear Security Administration, which maintains America’s nuclear stockpile, were compromised in the attack, a government probe found that it did not affect “mission-essential national security functions,” and that it had been “isolated to business networks only.”

However, the extent and depth of the hacking appear to have sparked some sense of urgency within the government to strengthen cybersecurity frameworks to ensure that such breaches do not happen again. CISA noted that the intrusions were “sophisticated and complex” and that “removing the threat actor from the compromised environments will be highly complex and challenging.”

Though CISA has not explicitly stated who it believes is behind the attacks, many have pointed to Russia. “The magnitude of this ongoing attack is hard to overstate,” former Trump Homeland Security Advisor Thomas Bossert said in a piece for The New York Times on Thursday. “The Russians have had access to a considerable number of important and sensitive networks for six to nine months.”

Russia, however, has strongly dismissed the accusations. “Even if it is true there have been some attacks over many months and the Americans managed to do nothing about them, possibly it is wrong to groundlessly blame Russians right away. We have nothing to do with this,” Russian presidential spokesman Dmitry Peskov told Russian news agency TASS.

President Donald Trump has not yet addressed the matter. However, US President-elect Joe Biden issued a statement on Thursday wherein he vowed to make cybersecurity a key area of focus of his administration, and punish those responsible.

“I want to be clear: My administration will make cybersecurity a top priority at every level of government — and we will make dealing with this breach a top priority from the moment we take office,” Biden said.