As reported by PoliAlert, the United States government was a victim of a systems breach by Russian hackers. The intrusion was thought to have affected only a limited number of agencies, but that was before the depth of the breach was discovered. The Department of Homeland Security has found proof that the U.S. is under a massive ongoing cyber-attack.
The hackers are suspected of using SolarWinds, a network management platform, to gain entry into the systems, but that initial report has been updated. The Cybersecurity and Infrastructure Security Agency revealed that the Russian hackers are behind a massive, ongoing intrusion campaign into government agencies, private companies, and critical infrastructure entities using various unidentified tactics and not just a single compromised software program.
Specifically, CISA said it has determined that the SolarWinds Orion software vulnerability disclosed earlier this week is not the only way hackers compromised a variety of online networks — warning that in some cases, victims appeared to have been breached despite never using the problematic software.
CISA also acknowledged that the hackers used “tactics, techniques, and procedures that have not yet been discovered,” adding that it is continuing to investigate how other intrusion methods may have been used since the campaign began months ago. The agency also warns “that removing this threat actor from compromised environments will be highly complex and challenging for organizations.” In addition, “CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.”
The analysis comes as the list of US agencies, private companies, and other entities affected by the hacking campaign continues to increase.
The Department of Energy stated it had evidence that hackers accessed some of its networks using the same malware associated with the ongoing data breach already impacting almost half a dozen federal agencies. This agency is especially significant because it oversees the National Nuclear Security Administration, which oversees the nuclear weapons stockpile.
Microsoft is also reporting that more than 40 of its partners have been affected by the hack. 80% of the victims identified by Microsoft are in the US, while the rest are in U.S. allies: Canada, Mexico, Belgium, Spain, the United Kingdom, Israel, and the United Arab Emirates.
President Donald Trump has been silent about the hacking but continues to threaten to veto the National Defense Authorization Act, which includes money to help prevent such cyberattacks. Also, Trump eliminated the cyber coordinator position on the National Security Council early in his tenure as president. The cyber coordinator would be the person in charge of coordinating a response to the ongoing threat. “It’s not even clear…what agency would have the primary jurisdiction over this entire matter,” states the acting chairman of the Senate Intelligence Committee, Florida Republican Senator Marco Rubio.
In response to the attack, President-Elect Joe Biden pledged to make cybersecurity a key area of focus for his administration. In a strongly-worded statement, Biden said:
A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place…We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners. Our adversaries should know that, as President, I will not stand idly by in the face of cyber assaults on our nation.