December 14th – After confirming that the Commerce Department had been hacked, the Department of Homeland Security’s cybersecurity department issued an urgent order for all federal private sector agencies to search their networks for signs of compromise.
The Cybersecurity and Infrastructure Security Agency issued a directive late Sunday, stating that Austin-based SolarWinds cybersecurity products are “currently being exploited by malicious attackers.”
“The CISA has determined that this abuse of SolarWinds products poses unacceptable risks,” it said, adding that the impact of a successful attack could be “significant.”
According to the company’s website, SolarWinds products are used by more than 300,000 US Fortune 500 companies, five US military branches, the Department of Defense, and Cheong Wa Dae.
In a statement, the company described the attack as “very sophisticated” and most likely carried out by an external state targeting a particular entity.
The extent of the intrusion is unknown, but the Commerce Department confirmed in a statement to CNN that it was one of the federal agencies that had been breached.
“We can confirm that there was a breach in one of our stations,” it said, without identifying which. “We asked the CISA and FBI to investigate, but we can’t comment further at this time.”
In a statement, National Security Council spokesman John William said the U.S. government was aware of the report, adding, “All steps needed to identify and correct possible problems related to the situation. We are taking steps.”
The breach occurred a week after FireEye, a leading U.S. cybersecurity firm working with both government and private clients, announced on Tuesday that it had been hacked by a “country with top-notch attack capabilities” that stole tools used to imitate malicious cyber actor behavior to test security systems.
The company said on Sunday that its investigation had revealed a “global campaign” against public and private networks, delivered through updates to SolarWinds’ network monitoring products.
“This campaign shows top-notch operational tradecraft and resources in line with state-sponsored threat actors,” FireEye CEO Kevin Mandia said in a statement.
The company said it had identified multiple organizations that appear to have been breached as far back as spring, and said each attack required “well-planned and manual dialogue.”
According to SolarWinds, the update in question was released between March and June.
The attack occurred a week after the National Security Agency warned that “malicious cyber actors sponsored by the Russian state” were exploiting vulnerabilities in software used in the U.S. government sector.
In response to speculation that Russia was behind the attack revealed on Sunday, the Russian embassy in the United States said “malicious activity in the information space” was inconsistent with its understanding of foreign policy, national interests and interstate relations.
“Russia is not conducting aggressive operations in the cyber domain,” the Russian embassy in the United States said in a statement released on Facebook.
The CISA issued an urgent directive stating that agencies operating SolarWinds products need to provide a complete report on the analysis of potential breaches by noon on Monday.
“Tonight’s Directive aims to mitigate potential breaches within the federal private network. All partners in the public and private sectors will be evaluated for exposure to this breach and will network from any abuse. We recommend that you protect your network,” Brandon Wales, CISA’s deputy director, said in a statement.
CISA orders US distributors to search for network breaches. Commerce Department confirms data leak