14:37 GMT, 28 January 2021

    On Sunday, Reuters reported that a "sophisticated" group of hackers allegedly backed by a foreign government had breached the networks of the US Treasury Department and National Telecommunications and Information Administration, with similar attacks reportedly targeting other government agencies.

    The Cybersecurity and Infrastructure Security Agency (CISA), America’s top cybersecurity entity, issued an emergency directive asking all federal civilian agencies and their public and private partners to stop using products by SolarWinds, following a hack attack on the US Treasury. The Austin-based network management company provides network monitoring services to a slew of US government agencies, private entities, and corporations.

    “The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” Brandon Wales, CISA Acting Director, said in a statement on Sunday.

    “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners – in the public and private sectors – to assess their exposure to this compromise and to secure their networks against any exploitation,” he added.

     

    The emergency directive, just the fifth of its kind to be issued in the past five years, instructs federal agencies to “review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.” In addition, the agency has asked “all agencies operating SolarWinds products” to “provide a completion report to CISA by 12pm Eastern Standard Time on Monday December 14, 2020.”

    CISA provided no further information about the hacks, who it suspects is responsible, or what information has been stolen. 

    However, the Washington Post reported on Sunday that Cozy Bear, a hacking group with alleged ties to Russian military intelligence, was “likely” involved, with the breach purportedly undetected for several months. The newspaper has not provided any substantive evidence to back this up. The Russian Embassy in Washington DC dismissed the newspaper’s claims, insisting that Russia “does not conduct offensive operations in the cyber domain.”

    FireEye, a major California-based cybersecurity company which itself recently suffered a major online security breach, estimates that the US Treasury hack started in the spring of 2020. It also claims that the cyber criminals may have found sensitive information linked to state and private organisations and corporations across the world. FireEye added that the breach was the “work of a highly skilled actor.”

    SolarWinds has over 300,000 clients around the world, including major US government agencies and most of the Fortune 500. They include the Office of the President of the United States, Secret Service, Pentagon, State Department, Federal Reserve, NASA, National Security Agency, Centers for Disease Control and Department of Justice. Major companies using the service include Microsoft, Ford Motor Company, Visa and Mastercard, AT&T, Credit Suisse, PwC, Lockheed Martin, CBS, Time Warner, McDonald’s, Comcast, The Gates Foundation, the New York Times, and a host of others.

    No group has claimed responsibility for the hack attack.

     

     

    The US and its allies have stepped up reports about foreign hack attacks in recent months, blaming Russia, China, Iran, and North Korea. Washington claims these states meddled in the recent presidential elections, while also spying on Western coronavirus vaccine efforts.

    Earlier this year, former US National Security Agency technical director and veteran cryptographer Bill Binney told Sputnik that the Central Intelligence Agency had developed a tool known as the “Marble Framework” to spoof attacks to make them seem as though they’re coming from a third party or country.
