Less than a week after U.S. cybersecurity firm FireEye reports that it has been hacked, the U.S. discovers that Russian hackers have infiltrated multiple U.S. agencies. The hack is reported on Sunday but might have taken place all the way back in March.
At the time of this file’s last update, breaches have been found at Homeland Security, the Pentagon, and the Departments of Agriculture, Commerce, Energy, State, and Treasury. Early reports can only verify that the hackers are monitoring email communications within those departments. This is the second time in five years we’ve caught the Kremlin inside the Treasury.
Hackers breached the agencies (and companies like Microsoft) through network management software made by SolarWinds. In addition to the agencies where breaches are identified, SolarWinds is used by the White House, National Security Agency, the State Department, the Centers for Disease Control and Prevention, the Naval Information Warfare Systems Command, the FBI, all five branches of the U.S. military, and 425 of the corporations that make up the Fortune 500.
The cyber spies are believed to have gotten in by surreptitiously tampering with updates released by IT company SolarWinds… The trick – often referred to as a “supply chain attack” – works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.
Reuters
Cyber attacks on government agencies and U.S. hospitals began months ago, but — as far as we know — only hospital systems had been breached before now.
Organizations in other countries around the globe may also have been compromised through the FireEye / SolarWinds hack.
If the Russia connection is confirmed, it will be the most sophisticated known theft of American government data by Moscow since a two-year spree in 2014 and 2015, in which Russian intelligence agencies gained access to the unclassified email systems at the White House, the State Department and the Joint Chiefs of Staff. It took years to undo the damage, but President Barack Obama decided at the time not to name the Russians as the perpetrators — a move that many in his administration now regard as a mistake.
New York Times
Sources
https://www.rawstory.com/2020/12/us-government-hacked-by-russia-trump-mum/#.X9auTXLz5hU.twitter
https://www.reuters.com/article/us-usa-cyber-treasury-exclsuive/suspected-russian-hackers-spied-on-u-s-treasury-emails-sources-idUSKBN28N0PG
https://www.reuters.com/article/us-usa-cyber-treasury-britain/global-security-teams-assess-impact-of-suspected-russian-cyber-attack-idUSKBN28O1K3
https://www.bloomberg.com/news/articles/2020-12-14/u-s-government-agencies-attacked-by-hackers-in-software-update
https://www.nytimes.com/2020/12/13/us/politics/russian-hackers-us-government-treasury-commerce.html
https://www.usnews.com/news/world/articles/2020-12-14/suspected-russian-hackers-breached-us-department-of-homeland-security-sources
https://news.yahoo.com/mike-pompeo-says-russia-pretty-102330062.html
https://www.cnn.com/2020/12/19/politics/pompeo-us-government-hack-russia/index.html