Cyberattack ‘grave risk’ to public, private sectors
A devastating cyberattack believed to be tied to Russia continues to pose a “grave risk” to government networks and the private sector, according to an ominous warning issued Thursday by the Department of Homeland Security.
The bulletin from DHS’ Cybersecurity and Infrastructure Security Agency represented the most striking assessment yet of a cascading threat to federal, state and local networks.
“CISA has determined that this threat poses a grave risk to the federal government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations,” the bulletin stated.
“This ... actor has demonstrated patience, operational security, and complex trade-craft in these intrusions,” CISA said of the hackers, adding that the ongoing effort to eliminate the threat “will be highly complex and challenging.”
Networks at the Department of Energy and the National Nuclear Security Administration, which manages the country’s nuclear weapons stockpile, also might have been compromised, according to reports by the Washington Post and Politico.
The attacks, which have targeted major branches of the U.S. government, have put an untold number of Americans, agencies and government secrets at risk of compromise.
The attackers penetrated federal computer systems through a popular piece of server software offered through a company called SolarWinds.
The threat apparently came from the same cyberespionage campaign that hit cybersecurity firm FireEye, foreign governments and major corporations.
The system is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. federal agencies, which will now be scrambling to patch up their networks.
The attackers planted malware in computer networks after using what FireEye CEO Kevin Mandia has called “a novel combination of techniques not witnessed by us or our partners in the past.”
In its alert Thursday, CISA said that it is “likely” that the full scope of the campaign remains unclear, as additional intrusions “have not yet been discovered.”
“Due to the nature of this pattern of adversary activity – and the targeting of key personnel, incident response staff, and IT email accounts – discussion of findings ... should be considered very sensitive, and should be protected by operational security measures,” CISA said.
The agency also indicated that some of the intrusions might have occurred as early as March.
Late Wednesday, the FBI, in a joint statement with CISA and the Director of National Intelligence, called the attack “a developing situation.”
“While we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” the agencies said.
President-elect Joe Biden said Thursday that his transition team had been briefed on what he said “appears to be a massive cybersecurity breach affecting potentially thousands of victims.”
“There’s a lot we don’t yet know, but what we do know is a matter of great concern,” Biden said in a statement.
Tom Bossert, a former homeland security adviser to President Donald Trump, said the “magnitude of this ongoing attack is hard to overstate.”
“The Russians have had access to a considerable number of important and sensitive networks for six to nine months,” Bossert said in a column published in the New York Times, adding that Russian intelligence officials have likely gained “administrative control over the networks it considered priority targets.”
“For those targets, the hackers will have long ago moved past their entry point, covered their tracks and gained what experts call ‘persistent access,’ meaning the ability to infiltrate and control networks in a way that is hard to detect or remove.”