The Cybersecurity and Infrastructure Security Agency (CISA), America’s top cybersecurity entity, issued an emergency directive asking all federal civilian agencies and their public and private partners to stop using SolarWinds products, following a hack attack on the US Treasury. The Austin-based network management company provides network monitoring services to a slew of US government agencies, private entities and corporations.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” Brandon Wales, CISA Acting Director, said in a statement on Sunday.
“Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners – in the public and private sectors – to assess their exposure to this compromise and to secure their networks against any exploitation,” he added.
The emergency directive, just the fifth of its kind to be issued in the past five years, instructs federal agencies to “review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.” In addition, the agency has asked “all agencies operating SolarWinds products” to “provide a completion report to CISA by 12pm Eastern Standard Time on Monday December 14, 2020.”
However, the Washington Post reported on Sunday that Cozy Bear, a hacking group with alleged ties to Russian military intelligence, was “likely” involved, and that the breach had purportedly gone undetected for several months. The newspaper has not provided any substantive evidence to back this up. The Russian Embassy in Washington DC dismissed the newspaper’s claims, insisting that Russia “does not conduct offensive operations in the cyber domain.”
FireEye, a major California-based cybersecurity company which itself recently suffered a major security breach, estimates that the US Treasury hack started in the spring of 2020. It also claims that the cyber criminals may have found sensitive information linked to state and private organisations and corporations across the world. FireEye added that the breach was the “work of a highly skilled actor.”
SolarWinds has over 300,000 clients around the world, including major US government agencies and most of the Fortune 500. They include the Office of the President of the United States, Secret Service, Pentagon, State Department, Federal Reserve, NASA, National Security Agency, Centers for Disease Control and Department of Justice. Major companies using the service include Microsoft, Ford Motor Company, Visa and Mastercard, AT&T, Credit Suisse, PwC, Lockheed Martin, CBS, Time Warner, McDonald’s, Comcast, the Gates Foundation, the New York Times, and a host of others.
No group has claimed responsibility for the hack attack.
Earlier this year, former US National Security Agency technical director and veteran cryptographer Bill Binney told Sputnik that the Central Intelligence Agency had developed a tool known as the “Marble Framework” to spoof attacks to make them seem as though they’re coming from a third party or country.