US nuclear security agency among those hacked in worst-ever cyber attack

Suspected Russian hacking campaign said to have lasted up to nine months

Representational image | Reuters

With details still emerging on the sprawling cyberattack that targeted key US government and private institutions, it is becoming increasingly clear that this was an unprecedented act of cyber espionage.

According to a report by Politico, citing officials aware of the matter, the US National Nuclear Security Administration, which is in charge of maintaining the country's nuclear arsenal, was among the government agencies whose systems the hackers were able to access. When the hack was first reported, it was known to have affected the US Treasury Department and the National Telecommunications and Information Administration, an agency under the US Department of Commerce. The US Department of Energy later admitted it was among those whose systems were breached.

"At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission-essential national security functions of the department, including the National Nuclear Security Administration," Shaylyn Hynes, a DOE spokesperson, said in a statement.

"When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network," the spokesperson added.

In a joint statement on Thursday, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence called it a developing situation and confirmed that the compromise had affected networks within the federal government.

“As the lead for threat response, the FBI is investigating and gathering intelligence in order to attribute, pursue and disrupt the responsible threat actors,” the statement said.

CISA noted that the hack utilised "tactics, techniques and procedures that have not yet been discovered."

According to Politico, the extent of the damage and breach of data at networks in the Federal Energy Regulatory Commission remains unknown.

Later, software giant Microsoft also revealed that it had been compromised by the attack, which was carried out through a malicious update to the 'Orion' IT management software made by SolarWinds, a product reportedly used by nearly all Fortune 500 companies.

The hackers also broke into networks of US cable firm Cox Communications.

According to former Homeland Security Advisor Thomas Bossert, who left the post in 2018 as John Bolton took over (Bolton himself was sacked the next year), the "Russians" believed responsible may have had access to these systems for between six and nine months. In an op-ed in the New York Times, Bossert said the scale of the breach was "hard to overstate" and said the US should now act as if the Russian government had gained control of the networks it has penetrated.

The actual and perceived control of so many important networks could easily be used to undermine public and consumer trust in data, written communications and services, he wrote. Members of Congress said they feared that taxpayers' personal information could have been exposed because the IRS is part of Treasury.

The worst hacking attack in US history

On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) said the intrusion had compromised federal agencies as well as critical infrastructure in a sophisticated attack that was hard to detect and will be difficult to undo.

CISA did not say which agencies or infrastructure had been breached or what information was taken in an attack that it previously said appeared to have begun in March. The Department of Energy acknowledged in a separate statement that it was among those that had been hacked.

"This threat actor has demonstrated sophistication and complex tradecraft in these intrusions," the agency said in its unusual alert. "CISA expects that removing the threat actor from compromised environments will be highly complex and challenging."

The hack, if authorities can indeed prove it was carried out by a nation such as Russia as experts believe, creates a fresh foreign policy problem for President Donald Trump in his final days in office. Russia, however, has denied any role in the attacks.

Trump, whose administration has been criticised for eliminating a White House cybersecurity advisor and downplaying Russian interference in the 2016 presidential election, has made no public statements about the breach.

President-elect Joe Biden said he would make cybersecurity a top priority of his administration, but that stronger defences are not enough.

"We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place," he said. "We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners."

The cybersecurity agency previously said the perpetrators had used network management software from Texas-based SolarWinds to infiltrate computer networks. Its new alert said the attackers may have used other methods as well.

Over the weekend, amid reports that the Treasury and Commerce departments were breached, CISA directed all civilian agencies of the federal government to disconnect SolarWinds Orion software from their networks. The cybersecurity agencies of Britain and Ireland issued similar alerts.

A US official previously told The Associated Press that Russia-based hackers were suspected, but neither CISA nor the FBI has publicly said who is believed to be responsible. Asked whether Russia was behind the attack, the official said: "We believe so. We haven't said that publicly yet because it isn't 100% confirmed." Another US official, speaking Thursday on condition of anonymity to discuss a matter that is under investigation, said the hack was severe and extremely damaging, although the administration was not yet ready to publicly blame anyone for it.

"This is looking like it's the worst hacking case in the history of America," the official said. "They got into everything." The official said the administration is working on the assumption that most, if not all, government agencies were compromised, but the extent of the damage was not yet known.

At the Department of Energy, the initial investigation revealed that malware injected into its networks via a SolarWinds update has been found only on its business networks and has not affected national security operations, including the agency that manages the nation's nuclear weapons stockpile, according to its statement. It said vulnerable software was disconnected from the DOE network to reduce any risk.

The intentions of the perpetrators appear to be espionage and gathering information rather than destruction, according to security experts and former government officials. If so, they are now remarkably well situated.

Among the business sectors scrambling to protect their systems and assess potential theft of information are defence contractors, technology companies and providers of telecommunications and the electric grid.

A group led by CEOs in the electric power industry said it held a situational awareness call earlier this week to help electric companies and public power utilities identify whether the compromise posed a threat to their networks.

With inputs from AP
