- Several US government agencies, including the US Treasury, have been targeted in a highly sophisticated cyber-attack.
- The Russian government has denied any involvement in the hack, terming the allegations "baseless".
- Hackers were able to gain access to US government agencies' computers through remote diagnosis software called SolarWinds Orion.
The US Treasury, which is responsible for engraving and printing United States Dollars (USD), has been targeted by suspected Russian hackers, along with the Departments of Homeland Security, State, Defence, and Commerce.
The Russian government has denied the claims that it is behind this sophisticated cyber-attack and has termed the accusations "baseless". Kremlin spokesman Dmitry Peskov said Monday that Russia had "nothing to do with" the hacking.
Malicious activities in information space contradict the principles of the foreign policy, national interests and our understanding of interstate relations. — Russian Embassy in USA (@RusEmbUSA) December 14, 2020
According to the Washington Post, "It is unclear what information has been stolen or exposed in the hack, but the attackers have been monitoring networks since March and were active as recently as Sunday."
The attacks were first revealed by Reuters, which identified breaches at the Treasury and at Homeland Security, the department that manages cyber-security for the US government. DHS's cyber arm, which is tasked with helping safeguard the nation from attacks by malicious foreign actors, is among the US government agencies compromised in the hack.
What went wrong?
SolarWinds, a Texas-based company specialising in computer networking tools, is at the source of the breach. Its Orion software allows IT staff to remotely access computers on corporate networks. In what computer science terms a "supply-chain attack", hackers gained access to SolarWinds Orion and, as a result, were able to reach the networks of all of its customers, which include several US government agencies.
FireEye, another company that provides cyber-security services to the US government, identified the large-scale cyber campaign after it fell victim to the hackers in a separate attack. According to FireEye, "The actors manipulated SolarWinds Orion's software updates to include malware which, once installed, allowed the hackers to monitor its customers' systems."
In a statement on its website, SolarWinds said, "We have been advised this attack was likely conducted by an outside nation-state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack." The company has urged all users of its Orion platform to update their software immediately for security.
SolarWinds asks all customers to upgrade immediately to Orion Platform version 2020.2.1 HF 1 to address a security vulnerability. More information is available at https://t.co/scsUhZJCk8 — SolarWinds (@solarwinds) December 14, 2020
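Scoping the patch step of a response like this means checking every Orion host against the fixed build named in the advisory above. The following added example (not code from the article or from SolarWinds) parses Orion version strings in the "2020.2.1 HF 1" form and sorts a constructed, made-up host inventory into patched and still-to-upgrade hosts; the ordering rule (a release without an HF suffix sorts below the same release with any HF) is an assumption.

```python
import re
from typing import NamedTuple

# Fixed release named in the SolarWinds advisory quoted in the article.
FIXED_VERSION = "2020.2.1 HF 1"

# Constructed sample inventory (hostname -> installed Orion Platform version).
# Hostnames and versions are made up for this example.
SAMPLE_INVENTORY = {
    "orion-core-01": "2020.2",
    "orion-core-02": "2020.2.1",
    "orion-poller-03": "2020.2.1 HF 1",
    "orion-lab-04": "2019.4 HF 5",
    "orion-test-05": "2020.2.1 HF 2",
}

class OrionVersion(NamedTuple):
    release: tuple  # numeric release padded to three parts, e.g. (2020, 2, 1)
    hotfix: int     # HF number; 0 when no hotfix suffix is present

# Accepts "2020.2", "2020.2.1", "2020.2.1 HF 1" and similar strings.
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)\s*(?:HF\s*(\d+))?\s*$", re.IGNORECASE)

def parse_version(text: str) -> OrionVersion:
    """Turn an Orion version string into a tuple that compares correctly.
    Assumption: a release with no HF sorts below the same release with any HF."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Orion version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    release = tuple(parts + [0] * (3 - len(parts)))[:3]
    hotfix = int(m.group(2)) if m.group(2) else 0
    return OrionVersion(release, hotfix)

def needs_upgrade(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is older than the fixed build."""
    return parse_version(installed) < parse_version(fixed)

def scope_inventory(inventory: dict) -> dict:
    """Split hosts into those at or after the fixed build and those still to upgrade."""
    report = {"patched": [], "upgrade_required": []}
    for host, version in sorted(inventory.items()):
        bucket = "upgrade_required" if needs_upgrade(version) else "patched"
        report[bucket].append(host)
    return report

if __name__ == "__main__":
    for bucket, hosts in scope_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

A host already on the fixed build may still have run a trojanized update earlier in the campaign, so this answers only the patching question, not whether the host was compromised.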
CISA said it was working with other agencies to help "identify and mitigate any potential compromises." The FBI said it was engaged in a response but declined to comment further. President Donald Trump last month fired the director of CISA, Chris Krebs, after Krebs vouched for the integrity of the presidential election and disputed Trump's claims of widespread electoral fraud.
In a tweet Sunday, Krebs said "hacks of this type take exceptional tradecraft and time," adding that he believed the impact was only beginning to be understood.
Also, hacks of this type take exceptional tradecraft and time. On the 1st, if this is a supply chain attack using trusted relationships, really hard to stop. On the 2nd, I suspect this has been underway for many months. Need good detections to find victims and determine scope. — Chris Krebs (@C_C_Krebs) December 13, 2020
United States federal agencies have long been attractive targets for foreign hackers looking to gain insight into American government personnel, defence and industrial technologies, and policymaking. Hackers linked to Russia, for instance, were able to break into the State Department's email system in 2014, infecting it so thoroughly that it had to be cut off from the internet while experts worked to eliminate the infestation. A year later, a hack at the U.S. government's personnel office, blamed on China, compromised the personal information of some 22 million current, former and prospective federal employees, including highly sensitive data such as background investigations.
The investigation into this hack will be months long and its consequences could take years to be realised. "This can turn into one of the most impactful espionage campaigns on record," said cybersecurity expert Dmitri Alperovitch.