US President-elect Joe Biden, in a statement on Thursday, vowed to take action against those behind recent cyberattacks against US entities, saying that he would make cybersecurity "a top priority" after he takes office.
“We need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place. We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners,” Biden said in a statement.
The president-elect added that, although not everything about the attack is clear, "what we do know is a matter of grave concern".
What Is Known?
The massive hacking attack was reported last week and was said to have targeted multiple government and business entities in the United States.
Cybersecurity company FireEye said the attack was conducted through the widely-used Orion network monitoring product developed and marketed by US company SolarWinds, and performed by a "sophisticated" hacking group allegedly "backed by the foreign government".
"We have identified a global campaign that introduces a compromise into the networks of public and private organizations through the software supply chain. This compromise is delivered through updates to a widely-used IT infrastructure management software—the Orion network monitoring product from SolarWinds", FireEye said on 13 December.
On Tuesday, the US Homeland Security Department acknowledged cyber breaches across the federal government and said that it was "working closely with our partners in the public and private sector on the federal response".
The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday asserted that the hacking attack put all levels of the US government in "grave" peril, and reports continue to emerge saying that pathways to affect multiple US entities were found.
Two US House committees, the Homeland Security Committee and the Oversight and Reform Committee, stated on Thursday that they had launched an investigation into the cyberattack.
“Our Committees are seeking information related to the apparent, widespread compromise of multiple federal government, critical infrastructure, and private sector information technology networks,” the Homeland Security Committee chair, Bennie Thompson, and the Oversight and Reform Committee chairwoman, Carolyn Maloney, wrote to the FBI, the Homeland Security Department and the office of the Director of National Intelligence.
What Do the Reports Say?
The New York Times said, referring to a warning issued by the Department of Homeland Security, that the hackers used different types of malware and various techniques.
The report noted, however, that investigators do not have a comprehensive list of what software in government agencies has been corrupted.
According to reports, hackers successfully breached the US Treasury Department and the National Telecommunications and Information Administration. Several federal government entities were reportedly affected, including the Pentagon, the Commerce Department, the Department of Homeland Security, the Department of the Treasury and the National Institutes of Health.
According to the report, suspicious activities were detected in networks at the Federal Energy Regulatory Commission (FERC), as well as at the Sandia and the Los Alamos national laboratories, and several offices of the Energy Department.
The US Energy Department stated later on Thursday, however, that the hack was isolated to business networks only and never impacted the national security functions of the nation's nuclear network.
Reuters reported on the same day that Microsoft was also hacked, as part of the cyber breach, and, according to sources familiar with the matter, "had its own products leveraged to further the attacks on others".
However, the company's president, Brad Smith, told The NYT that Microsoft "had no indications of that", refuting the report.
Russian Hackers Again
Shortly after the attack, the Washington Post alleged without proof that the infamous 'Cozy Bear' hacking group, which is claimed to be connected with the Russian government and intelligence, was behind the attack.
The NYT also claimed that the hack was only a "part of a far larger operation whose sophistication stunned even experts who have been following a quarter-century of Russian hacks on the Pentagon and American civilian agencies". The outlet also said that the so-called 'espionage attack' has been ongoing since spring.
The well-worn allegations were met in Moscow with scepticism, as the Embassy of Russia in the US denounced them as "unfounded" and once again reiterated that Russia "does not conduct offensive operations in the cyber domain".
Anti-Russia sentiment, particularly regarding cybersecurity, has a long history in the United States, and hardly has there been a single hacking attack in America that has not been blamed on ubiquitous and hidden "Russian hackers".
During the 2016 presidential election in the US, the hacking of Democratic National Committee emails was also blamed on Russian hackers; at that time, it was the 'Fancy Bear' group, Cozy Bear's co-villain from the mysterious GRU special unit.
Hysteria regarding the Russian hackers has continued, although the Kremlin has repeatedly dismissed the accusations of attempting to hack US entities or meddle in American politics.