New York

U.S. agencies hacked in months-long global cyber espionage campaign

News of the hacks, first reported by Reuters, arrived less than a week after FireEye disclosed that a nation-state hacker had breached its network and stolen the company’s own hacking tools.

The apparent conduit for the Treasury and Commerce Department hacks (and the FireEye breach) is a hugely popular piece of server software from SolarWinds. Alperovitch, a former chief technology officer of the cybersecurity firm CrowdStrike, said it is used by hundreds of thousands of organizations around the world, including most Fortune 500 companies and several U.S. federal agencies, which are now trying to apply a patch.

The DHS directive, the fifth since it was created in 2015, said U.S. agencies should immediately disconnect or power down all machines running the affected SolarWinds software.

In a blog post, FireEye said its investigation of the hack of its own network had identified a “global campaign” targeting governments and the private sector that, beginning in the spring, slipped malware into SolarWinds software updates; it did not name specific targets. Neither the company nor the U.S. government has publicly said that Russian state-sponsored hackers are responsible.

The malware gave the hackers remote access to victims’ networks, and Alperovitch said SolarWinds software would allow “God-mode” access to a network, making everything on it visible.

“Once all the information is available, we expect this to be a huge event,” said John Hultquist, director of threat analysis at FireEye. “The actors are stealthy, but we’re certainly finding targets they’re working on.”

The SolarWinds website states that it has 300,000 customers worldwide, including all five US military branches, the Department of Defense, the Department of State, NASA, the National Security Agency, the Department of Justice, and the White House. The top 10 US telecommunications companies and the top 5 US accounting firms are among the customers.

FireEye said it had confirmed infections in North America, Europe, Asia and the Middle East, including in the healthcare and oil and gas industries, and had been notifying affected customers around the world over the past few days. Its customers include federal, state and local governments, as well as the world’s top companies.

The tainted SolarWinds update did not seed self-propagating malware, unlike, for example, the NotPetya malware blamed on Russia, which caused more than $10 billion in damage worldwide. To actually get inside an infected organization “required careful planning and manual interaction.”

The good news is that only a subset of infected organizations is likely to have actually been spied on by the hackers. Nation-states have priorities for their cyber-espionage, and COVID-19 vaccine development is currently among them.

Kremlin spokesman Dmitry Peskov said on Monday that Russia “has nothing to do with” the hacking.

“Once again, I can reject these accusations,” Peskov told reporters. “If Americans couldn’t do anything about it for months, perhaps one shouldn’t blame the Russians for everything.”

On Sunday, the US embassy in Russia said the attempt to blame Russia was “unfounded.”

The Treasury referred a request for comment to the National Security Council, whose spokesman, John William, said the government is “taking all necessary steps to identify and correct any problems that may be related to this situation.”

The government’s Cybersecurity and Infrastructure Security Agency (CISA) said it is working with other agencies to “identify and mitigate potential breaches.” The FBI said it was engaged in the response but declined to comment further.

President Donald Trump fired CISA director Chris Krebs last month after Krebs vouched for the integrity of the presidential election and disputed Trump’s allegations of widespread fraud.

“This kind of hacking takes extraordinary tradecraft and time,” Krebs said in a tweet on Sunday, adding that he believes the impact is only beginning to be understood.

Federal agencies have long been attractive targets for foreign hackers seeking insight into U.S. government policymaking.

For example, hackers linked to Russia broke into the State Department’s email system in 2014, infecting it so thoroughly that experts had to cut it off from the internet to eliminate the intrusion. A year later, a hack of the U.S. government’s human resources agency, blamed on China, exposed the personal information of about 22 million current, former and prospective federal employees, including sensitive data such as background checks.

The intrusion disclosed on Sunday included a Commerce Department agency responsible for internet and telecommunications policy. A spokeswoman confirmed “a breach in one of our offices” and said “we have asked CISA and the FBI to investigate.”

SolarWinds, based in Austin, Texas, confirmed on Sunday “potential vulnerabilities” related to updates released between March and June for a software product called Orion that helps monitor networks for problems.

“We believe this vulnerability is the result of a highly sophisticated and targeted manual supply chain attack by a nation state,” SolarWinds CEO Kevin Thompson said in a statement. He said the company is working with the FBI, FireEye and the intelligence community.

FireEye announced on December 8 that it had been hacked, saying foreign state hackers with “world-class capabilities” had broken into its network and stolen the tools it uses to probe the defenses of its thousands of customers. In a statement, FireEye CEO Kevin Mandia said the hackers “were primarily looking for information related to specific government customers.”

Former NSA hacker Jake Williams, president of the cybersecurity firm Rendition Infosec, said FireEye told the FBI and other federal partners how it had been hacked, and the Treasury was then also determined to have been breached.

“I think many of the other (federal) agencies I’ve heard from this week have also been hit,” Williams added.

FireEye responded to the Sony and Equifax data breaches and helped Saudi Arabia thwart cyberattacks on its oil industry. It has also played a key role in identifying Russia as the protagonist of numerous attacks in a fast-growing global digital conflict.

Mandia said there were no signs that the hackers had obtained customer information or the threat intelligence data collected by the company’s consulting and breach response business.

___

Bajak reported from Boston and O’Brien from Providence, Rhode Island.
