Suspected Russian hack of the US is far worse than initially feared
The scale of an elaborate cyberattack on the US government that was exposed this week is much larger than initially thought.
The Cybersecurity and Infrastructure Security Agency (CISA) said in a summary on Thursday that the threat “poses a serious risk to the federal government”.
It added that “state, local, tribal and territorial governments, as well as critical infrastructure units and other private sector organizations” are also at risk.
CISA believes the attack began at least as early as March. Since then, several government agencies have reportedly been breached by the hackers; so far the Energy and Commerce departments have confirmed they were affected.
“This threat actor has demonstrated sophistication in these intrusions,” said CISA. “Removing the threat actor from compromised environments will be very complex and challenging.”
CISA has not said who it believes is the “advanced persistent threat actor” behind the “significant and ongoing” campaign, but many experts point to Russia.
“The scale of this ongoing attack is difficult to exaggerate,” former Trump Homeland Security Advisor Thomas Bossert wrote Thursday in an op-ed for the New York Times. “The Russians have had access to a considerable number of important and sensitive networks for six to nine months.”
Russian presidential spokesman Dmitry Peskov denied the allegations, according to the Tass news agency.
“Even if it is true that there have been some attacks over many months and the Americans have not done anything about it, it may be wrong to immediately bash the Russians,” he told Tass. “We have nothing to do with it.”
The Russian embassy in London did not immediately respond to CNBC’s request for comment.
The FBI said Wednesday it is “investigating and gathering information to attribute, track and disrupt the responsible threat actors.”
It is not currently clear what the hackers did other than access top secret government networks and monitor data.
Hackers also accessed systems operated by the National Nuclear Security Administration, which maintains the US nuclear weapons stockpile, according to the news site Politico, citing officials familiar with the matter.
SolarWinds back door
According to CISA, those behind the attack used network management software from SolarWinds, an IT company headquartered in Texas, to breach government networks.
Up to 18,000 SolarWinds Orion customers downloaded a software update containing a back door that gave the hackers access to their networks.
CISA issued an “Emergency Directive” this week instructing federal civilian agencies to “immediately disconnect or turn off affected SolarWinds Orion products from their network.”
However, the perpetrators may have used other means to access the networks. CISA said Thursday that it is investigating “evidence of additional access vectors other than the SolarWinds Orion platform”.
Targeted Microsoft customers
According to Reuters, Microsoft was hacked in connection with the attack on SolarWinds’ widely used management software.
As with the SolarWinds cyberattack, hackers infiltrated Microsoft products and then went after others, Reuters said, citing people familiar with the matter.
“We have been actively looking for indicators of this actor and can confirm that we have discovered malicious SolarWinds binaries in our environment that we have isolated and removed. We have found no evidence of access to production services or customer data,” said a Microsoft spokesperson in a statement shared with CNBC.
“Our ongoing research has found absolutely no evidence that our systems have been used to attack anyone,” they added.
Microsoft said more than 40 customer organizations were compromised in the attack.
“While around 80% of these customers are in the US, victims in seven other countries have also been identified in this work,” said Microsoft President Brad Smith in a blog post.
“These include Canada and Mexico in North America, Belgium, Spain and the United Kingdom in Europe, and Israel and the United Arab Emirates in the Middle East. It is certain that the number and location of victims will continue to increase.”
Smith added that “this is not the usual espionage,” and that “while governments have spied on each other for centuries, the recent attackers used a technique that has compromised the technology supply chain for the wider economy.”
US President-elect Joe Biden pledged on Thursday to make cybersecurity a focus of his administration.
“A good defense is not enough. We must first prevent our opponents from carrying out significant cyber attacks,” said Biden in a statement from his transition team.
“We will do this by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners. Our opponents should know that I, as President, will not stand idly by in the face of cyber attacks on our nation.”
President Donald Trump, who has remained silent about the hacking, threatened Thursday to veto the National Defense Authorization Act, which includes funding to prevent such cyberattacks.