Agency: Hack puts US at ‘grave risk’
Russia thought to be behind intrusion of government systems
WASHINGTON — Federal officials issued an urgent warning Thursday that the hackers who were working for a foreign government and penetrated deep into government systems had used a wider variety of techniques in their cyberoffensive — and they warned that the hacking was “a grave risk to the federal government.”
The discovery complicates the challenge for federal investigators as they search through computer networks used by the Treasury, Defense and Commerce departments, as well as nuclear laboratories, trying to assess the damage and understand what the Russian actors had stolen. Although the government warning made no specific reference to the origin of the hacking, intelligence agencies have told Congress that they believe it was carried out by an elite Russian intelligence agency.
Minutes after the statement from the cybersecurity arm of the Department of Homeland Security, President-elect Joe Biden, in his first comments on the broadening cyberattack, warned that his administration would impose “substantial costs” on those responsible.
“A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” Biden said, adding, “I will not stand idly by in the face of cyberassaults on our nation.”
President Donald Trump, whose administration has been criticized for eliminating a White House cybersecurity adviser and downplaying Russian interference in the 2016 presidential election, has made no public statements about the breach.
A U.S. official, speaking Thursday on condition of anonymity, said the hack was extremely damaging.
“This is looking like it’s the worst hacking case in the history of America,” the official told The Associated Press.
The government warning, issued by the Cybersecurity and Infrastructure Security Agency, gave no details. But it confirmed suspicions voiced this week by FireEye, a cybersecurity firm, that there were almost certainly other pathways that had been found for the attack.
FireEye was the first to inform the government that a Russian intelligence agency’s hackers had, since this spring, gotten into critical network monitoring software used by the government, hundreds of Fortune 500 companies and companies that oversee critical infrastructure, including the power grid.
Investigators and other officials say they believe the goal of the Russian attack was traditional espionage, the sort the National Security Agency and other agencies regularly conduct on foreign networks.
But the extent and depth of the hacking raises concerns that hackers could use their access to shutter American systems, corrupt or destroy data, or take command of computer systems that run industrial processes. So far, there has been no evidence of that happening.
The alert also ramped up the urgency of government warnings. After playing down the episode — in addition to Trump’s silence, Secretary of State Mike Pompeo deflected the hacking as one of the many daily attacks on the federal government, suggesting China was the biggest offender — the new alert left no doubt the assessment had changed.
“This adversary has demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks,” the alert said.
“It is likely that the adversary has additional initial access vectors and tactics, techniques and procedures,” which, it said, “have not yet been discovered.”
“Taken together, these observed techniques indicate an adversary who is skilled, stealthy with operational security, and is willing to expend significant resources to maintain covert presence,” the warning said. It could take months, investigators say, to unravel the extent to which U.S. networks are compromised.
Officials say that with only one month left in its tenure, the Trump administration is planning to hand off what appears to be the biggest cybersecurity breach of federal networks in more than two decades.
Biden’s statement said he had instructed his transition team to learn as much as possible about “what appears to be a massive cybersecurity breach affecting potentially thousands of victims.”
“My administration will make cybersecurity a top priority at every level of government — and we will make dealing with this breach a top priority from the moment we take office,” Biden said, adding that he plans to impose “substantial costs on those responsible.”
The cybersecurity agency’s warning came just days after Microsoft, which produces Windows software and monitors the global network of computers that make use of Windows, took emergency action along with FireEye to halt the communication between the SolarWinds network management software and a command-and-control center Russians were using to send instructions to their malware using a so-called kill switch.
But it is of no help to organizations already penetrated because the first software was corrupted with malware in March. And the key line in the warning said that the SolarWinds “supply chain compromise is not the only initial infection vector” used to get into federal systems. That suggests other software, also used by the government, has been infected and used for access by foreign spies.
At the Department of Energy, an initial investigation revealed that malware injected into its networks via a SolarWinds update has been found only on its business networks and has not affected national security operations, including the agency that manages the nation’s nuclear weapons stockpile, according to a statement.